Use keys.openpgp.org as the default key server
The SKS Keyservers are susceptible to signature flooding (references
below)
A lot of PGP software (Enigmail, GPG Suite, Android OpenKeychain) have
switched to keys.openpgp.org,
a newly developed key server, which mitigates this bug as well as other
privacy concerns with the SKS system.
We should switch to it as well. Because Tails is configured to use an
onion key server by default, it is still
using the SKS system, even though Enigmail itself has made switch.
OpenPGP.org provides an Onion Service, which can be used as a drop in replacement for the current one:
hkp://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion
References
- https://lists.gnupg.org/pipermail/gnupg-users/2019-June/thread.html#62094
- https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f
- https://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.html
Related issues
- Related to #16575 (closed)
- Is duplicate of #12689 (closed)
Original created by @blakim on 17090 (Redmine)