Use keys.openpgp.org as the default key server
Originally created by @blakim on #17090 (Redmine)
The SKS Keyservers are susceptible to signature flooding (references
below)
A lot of PGP software (Enigmail, GPG Suite, Android OpenKeychain) have
switched to keys.openpgp.org,
a newly developed key server, which mitigates this bug as well as other
privacy concerns with the SKS system.
We should switch to it as well. Because Tails is configured to use an
onion key server by default, it is still
using the SKS system, even though Enigmail itself has made switch.
OpenPGP.org provides an Onion Service, which can be used as a drop in replacement for the current one:
hkp://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion
References
- https://lists.gnupg.org/pipermail/gnupg-users/2019-June/thread.html#62094
- https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f
- https://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.html
Related issues
- Related to #16575 (closed)
- Is duplicate of #12689 (closed)
Edited by Ghost User