Remove support for preferred keyserver. #36
Merged
Preferred keyservers can be used in data signatures and user ID signatures, and allow the signer to provide one (or more) URIs that supposedly can be used to look up or refresh the public key of the signer (refreshing is important to check for revocations).
This is a severe misfeature, and NeoPG removes support for it, because of the following reasons:
https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556, which is not a keyserver, but a lookup URL for this particular key on that keyserver. Another uses the URI scheme x-hkp, while the others use hkp, hkps or http. Those indicating http do not have the correct port (11371) for hkp access. And only 2 indicate secure access via TLS with hkps or https, while the others indicate unprotected access via hkp or http, regardless of the current status of https/hkps support on the server.
I have not checked the expiration and revocation status to see if those would help in this particular case. In general, it can be arbitrarily complicated.
The API of libneopg will provide low-level access to this information, if it exists, which might be sufficient for some users who want to experiment with them. In case it is desirable to do key lookup based on signatures containing keyserver information, it would be important to involve the user anyway, and not do it automatically behind the scenes.
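An added example, not part of the pull request or of NeoPG's code: a small audit routine that flags the URI problems listed in the description (lookup URL instead of a keyserver, unknown scheme such as x-hkp, http without port 11371, no TLS). The function names and finding labels are assumptions made for this example, and the `keys.example.org` hosts are constructed sample input.

```python
from collections import Counter
from urllib.parse import urlsplit

HKP_PORT = 11371                              # port the description names for hkp access
TLS_SCHEMES = {"hkps", "https"}
KNOWN_SCHEMES = {"hkp", "hkps", "http", "https"}


def audit_keyserver_uri(uri):
    """Return a sorted list of findings for one preferred-keyserver URI."""
    try:
        parts = urlsplit(uri.strip())
        port = parts.port                     # raises ValueError on a malformed port
    except ValueError:
        return ["unparseable"]
    scheme = parts.scheme.lower()
    if not scheme or not parts.hostname:
        return ["unparseable"]
    findings = set()
    if scheme not in KNOWN_SCHEMES:
        findings.add("unknown-scheme")
    if scheme not in TLS_SCHEMES:
        findings.add("no-tls")
    if scheme == "http" and port != HKP_PORT:
        findings.add("http-without-hkp-port")
    # A keyserver URI names a server; a path or query means it points at one lookup.
    if parts.path not in ("", "/") or parts.query:
        findings.add("lookup-url-not-keyserver")
    return sorted(findings)


def summarize(uris):
    """Count how often each finding occurs across a list of URIs."""
    return Counter(f for u in uris for f in audit_keyserver_uri(u))


# First entry is the URL quoted in the description; the rest are constructed samples.
SAMPLE_URIS = [
    "https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556",
    "x-hkp://keys.example.org",
    "http://keys.example.org",
    "hkp://keys.example.org",
    "hkps://keys.example.org",
]

if __name__ == "__main__":
    for u in SAMPLE_URIS:
        print(u, audit_keyserver_uri(u) or ["ok"])
    print(dict(summarize(SAMPLE_URIS)))
```

Feed it the preferred-keyserver strings exported from a keyring to see how many would be usable at all before deciding whether to act on any of them.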