Comment 2 for bug 1338781

The required external connection is so that if we revoke the key, gpg will refuse to validate the indices and container images, therefore letting us immediately prevent any of our user from running malicious code in the event our key is compromised.

However something seems odd in your setup because I took great care to make sure all of this does work through an http proxy and it's indeed what we do on all our CI servers (no outside access, everything goes through a squid proxy) where fetching the key works perfectly fine.

Could you paste your environment and ideally proxy logs to try and figure out why things ended up hanging?