#291 add warning when user switches away from hkps key server - GPG Keychain Access

Type	To find
responsible:me	tickets assigned to you
tagged:"@high"	tickets tagged @high
milestone:next	tickets in the upcoming milestone
state:invalid	tickets with the state invalid
created:"last week"	tickets created last week
sort:number, importance, updated	tickets sorted by #, importance or updated
Combine keywords for powerful searching.
Use advanced searching »

#291 ✓wontfix

add warning when user switches away from hkps key server

Reported by steve | November 22nd, 2014 @ 08:08 PM

Users should be notified whenever they try to enter a non-hkps server, that their gpg "address book" might be leaked when searching for keys, updating them and on other key server related operations.

GPG Keychain should only include the hkps sks key server cluster address hkps://hkps.pool.sks-keyservers.net in the default key servers list
if the user enters a custom key server without hkps, display a warning about possible security implications
store any working servers (hkp after warning and hkps) which are entered by the user in the key server list

When this is fixed in GPG Keychain, it should be ported to GPGPreferences.

Comments and changes to this ticket

Support November 25th, 2014 @ 12:39 PM
Assigned to Tender discussion #1575.
steve December 30th, 2014 @ 02:24 PM
- Title changed from “switch to hkps key servers” to “add warning when user switches away from hkps key server”
steve August 12th, 2015 @ 08:10 PM
- Milestone cleared.
steve May 9th, 2018 @ 02:00 PM
Warning: You are about to switch to a key server with unencrypted communication

You are about to switch to a key server communicating over hkp. We recommend using hkps key servers instead. hkps will ensure that all communication to and from the key server is encrypted. Using unencrypted communication with key servers could leak your social graph. It could expose the keys you are using and by that the people you are communicating with over OpenPGP.
steve May 10th, 2020 @ 02:32 PM
- State changed from “new” to “wontfix”
This is obsolete with the introduction of vks hagrid keys.openpgp.org.

GPG Keychain does show a warning when user switches away from vks. As sks key servers are rathr unreliable nowadays, that warning should be sufficient and cover both switching to hkps as well as hkp.
- warning_shown_when_switching_away_from_vks.png 163.3 KB

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.