So we have various options.
- Default GPG keyservers (Hockeypuck)
- new, fixed keyserver - keys.openpgp.org
- SKS (which started the mess why this forum thread was started)
- Some of the options mentioned in the gnupg man page quoted in a previous post ("gpg --recv-keys fails / no longer use keyservers for anything", #20 by Patrick).
- No default key server.
Picking the best technical solution if it had no traction (no actual users) (didn’t check) would also not be helpful for users.
The usefulness of these options is very limited, unfortunately, and so Hockeypuck is the most practical workaround. Quotes from GPG ML:
> Today WKD / WKS seems to me a good compromise for the trilemma keystore, and probably the best way to get the last version of “first-party-attested” certificates, which fresh uid / sub-keys updates and revocations.

> I agree, WKD should be the first choice method to publish your own key,
> so long as you or someone PGP-friendly is in charge of your email domain
> (it’s no use for gmail addresses, for example). But implementing WKD
> yourself does not help you discover other people’s keys, unless you both
> belong to the same organisation (same applies to AD, LDAP etc).
> Most modern software will check WKD regardless of your keyserver
> settings, so if it is in use by your correspondent’s email domain, it
> should Just Work. But for the majority of users, you still have to fall
> back to another discovery method.
Any idea how to know what keyserver is being called up when running from the command line?