[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Keyserver for gpg.conf ?

On Sat, Nov 15, 2025 at 8:10 AM Francesco Poli
<invernomuto@paranoici.org> wrote:
>
> Hello everyone!
>
> I had
>
>   keyserver hkps://pgp.surf.nl
>
> in my ~/.gnupg/gpg.conf , but I have been experiencing issues with it
> for the last few days, see the following excerpt from /var/log/syslog :
>
>   dirmngr[3569]: error accessing 'https://pgp.surf.nl:443/pks/lookup?op=get&options=mr&search=0x............': http status 503
>   dirmngr[3569]: selecting a different host due to a 503 (Service Unavailable)
>   dirmngr[3569]: error accessing 'https://pgp.surf.nl:443/pks/lookup?op=get&options=mr&search=0x............': http status 503
>   dirmngr[3569]: selecting a different host due to a 503 (Service Unavailable)
>   dirmngr[3569]: error accessing 'https://pgp.surf.nl:443/pks/lookup?op=get&options=mr&search=0x............': http status 503
>   dirmngr[3569]: selecting a different host due to a 503 (Service Unavailable)
>   dirmngr[3569]: error accessing 'https://pgp.surf.nl:443/pks/lookup?op=get&options=mr&search=0x............': http status 503
>   dirmngr[3569]: selecting a different host due to a 503 (Service Unavailable)
>   dirmngr[3569]: error accessing 'https://pgp.surf.nl:443/pks/lookup?op=get&options=mr&search=0x............': http status 503
>   dirmngr[3569]: selecting a different host due to a 503 (Service Unavailable)
>   dirmngr[3569]: error accessing 'https://pgp.surf.nl:443/pks/lookup?op=get&options=mr&search=0x............': http status 503
>   dirmngr[3569]: command 'KS_GET' failed: No data
>
>
> I tried to change keyserver.
> The Debian wiki key signing [page] suggests the following ones (beyond
> the Debian keyring one):
>
>  * https://keyserver.ubuntu.com (recommended)
>  * https://keys.openpgp.org/ (used by Thunderbird)
>  * https://pgp.surf.nl/
>  * https://pgp.mit.edu
>
> [page]: <https://wiki.debian.org/Keysigning>
>
> Among these, I only managed to make the following one work:
>
>   keyserver hkps://pgp.mit.edu

Daniel Kahn Gillmor (dkg) recommends using a constrained keyserver
like keys.openpgp.org if you want to check for certificate updates,
revocation, expiration, or subkey rollover.  If there's a problem with
OpenPGS's keyserver, then it might be a good idea to contact them.

Also note that newer OpenPGP servers can give older GnuPG clients
problems.  See <https://www.google.com/search?q=openpgp+gnupg+key+server+interoperability+issues>.

> But it seems to work unreliably, it worked for a couple of key
> refreshes, but now it's giving me:
>
>   dirmngr[4391]: host 'pgp.mit.edu' marked as dead
>   dirmngr[4391]: host 'pgp.mit.edu' marked as dead
>   dirmngr[4391]: host 'pgp.mit.edu' marked as dead
>   dirmngr[4391]: host 'pgp.mit.edu' marked as dead
>   dirmngr[4391]: host 'pgp.mit.edu' marked as dead
>   dirmngr[4391]: host 'pgp.mit.edu' marked as dead
>   dirmngr[4391]: host 'pgp.mit.edu' marked as dead
>   dirmngr[4391]: host 'pgp.mit.edu' marked as dead
>   dirmngr[4391]: command 'KS_GET' failed: No keyserver available
>   dirmngr[4391]: host 'pgp.mit.edu' marked as dead
>   dirmngr[4391]: command 'KS_GET' failed: No keyserver available
>
> Which keyserver do you currently use/recommend ?
>
> Thanks for any help you may provide!
>
> P.S.: please Cc me on replies, I am not subscribed to the list.

Jeff
Reply to: