Use keys.openpgp.org as the default key server
The SKS Keyservers are susceptible to signature flooding (references below).
A lot of PGP software (Enigmail, GPG Suite, Android OpenKeychain) has switched to keys.openpgp.org,
a newly developed key server, which mitigates this bug as well as other privacy concerns with the SKS system.
We should switch to it as well. Because Tails is configured to use an onion key server by default, it is still
using the SKS system, even though Enigmail itself has made the switch.
OpenPGP.org provides an Onion Service, which can be used as a drop-in replacement for the current one:
Thanks for starting this discussion, I didn't dare start it myself until now :)
I love the concept of keys.openpgp.org and the situation of the SKS pool is very concerning. I've also had continuous problems using the default keyserver configuration of Tails for years and had to overwrite it manually with --keyserver almost every time (see #16575).
My only concern with keys.openpgp.org right now is that it has very few keys right now: most of my contacts are not there yet.
On the other hand, I wonder which fraction of OpenPGP users rely on key servers at all.
At least from my own experience, I have the impression that key servers are used a lot by the techie side of OpenPGP users (free software developers, security people, etc.) while the activist side of OpenPGP users don't use them a lot (for different reasons) and are more used to sending their public keys as attachments on demand (Enigmail makes this super easy).
So switching to keys.openpgp.org might not be problematic for the less tech-savvy portion of our audience.