Use keyserver that still returns keys with user IDs #2051

Merged

ap-wtioit
Contributor

Description

Use keyserver that still returns keys with user IDs

keys.gnupg.net doesn't return user IDs (without approval) and therefore gpg
doesn't accept keys from it.

Fixes #2050

Type of change

  • Bug fix (non-breaking change which fixes an issue)

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation (README.md or the documentation under docs/)
  • If necessary I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes

FYI @wt-io-it

Member

@wernerfred left a comment

LGTM if the pipeline passes.

Thanks for your contribution and the very detailed description of your approach in the linked Issue. It helps a lot in keeping track and following along with your thoughts.

We used keys.gnupg.net as the fail2ban maintainers referenced this server when we asked for their public key. Good finding that you discovered a (only sometimes appearing?) bug in this implementation.

Thanks

@wernerfred added the area/dependency, kind/improvement, priority/medium and service/security/fail2ban labels on Jun 22, 2021
@wernerfred requested a review from a team on June 22, 2021 08:15
Member

@georglauterbach left a comment

Good catch!

@georglauterbach merged commit de05ce9 into docker-mailserver:master on Jun 22, 2021
@casperklein
Member

keys.gnupg.net doesn't return user IDs (without approval)

I stumbled upon the same yesterday and hoped that was only temporary. For completeness: It's not about a missing feature, the host doesn't even resolve to an IP address anymore.

@casperklein
Member

I just found out that the DNS record for the server pool was intentionally removed.

This service is deprecated. This means it is no longer maintained, and new HKPS certificates will not be issued. Service reliability should not be expected.

Update 2021-06-21: Due to even more GDPR takedown requests, the DNS records for the pool will no longer be provided at all.

Source: https://sks-keyservers.net/status/

keys.gnupg.net was a CNAME for hkps.pool.sks-keyservers.net

@wernerfred added this to the v10.1.0 milestone on Aug 10, 2021
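
Added example (not part of this pull request or of docker-mailserver's code): a shell check that a build step could run on `gpg --with-colons` output to tell a key that arrived without user IDs, the failure described in this thread, apart from a wrong key. The function name `check_key_listing`, the fingerprint and the key listing are constructed for illustration, and pinning the expected fingerprint goes beyond what the thread discusses.

```shell
#!/bin/sh
# Added example; all key material below is constructed, not a real key.
SAMPLE_FPR=0123456789ABCDEF0123456789ABCDEF01234567
SAMPLE_LISTING='pub:-:4096:1:89ABCDEF01234567:1500000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1500000000::0000000000000000000000000000000000000000::Example Maintainer <maintainer@example.invalid>:
sub:-:4096:1:76543210FEDCBA98:1500000000::::::e:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:'

# check_key_listing EXPECTED_FPR   (hypothetical helper)
# Reads a `gpg --with-colons` key listing on stdin, for example from
#   gpg --show-keys --with-colons fetched-key.asc
# Exit status: 0 ok, 2 wrong primary fingerprint, 3 no user ID,
#              4 listing does not contain exactly one key.
check_key_listing() {
  awk -F: -v want="$1" '
    # Accept the pinned fingerprint in lower case or grouped with spaces.
    BEGIN { want = toupper(want); gsub(/ /, "", want) }
    $1 == "pub" { pubs++; primary = 1; next }
    $1 == "sub" { primary = 0; next }
    # Field 10 of the first fpr record after pub is the primary fingerprint;
    # fpr records after sub belong to subkeys and are ignored.
    $1 == "fpr" && primary && fpr == "" { fpr = $10; next }
    # Field 10 of a uid record is the user ID string.
    $1 == "uid" && $10 != "" { uids++ }
    END {
      if (pubs != 1)   { print "expected exactly one key, got " (pubs + 0); exit 4 }
      if (fpr != want) { print "primary fingerprint mismatch: " fpr; exit 2 }
      if (uids == 0)   { print "key has no user ID (stripped by keyserver?)"; exit 3 }
      print "ok: " fpr " with " uids " user ID(s)"
    }'
}

# Demo: the full listing passes; the same key with its uid records removed
# (what a keyserver that withholds user IDs would hand back) is rejected.
printf '%s\n' "$SAMPLE_LISTING" | check_key_listing "$SAMPLE_FPR"
printf '%s\n' "$SAMPLE_LISTING" | grep -v '^uid:' | check_key_listing "$SAMPLE_FPR" ||
  echo "rejected with status $?"
```

A distinct exit status for "no user ID" lets a build log point at the keyserver rather than at the key.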

Successfully merging this pull request may close these issues.

[BUG] unstable build dependending on keys.gnupg.net