a small feature request
David Shaw
dshaw at jabberwocky.com
Thu Feb 24 15:24:52 CET 2005
On Thu, Feb 24, 2005 at 12:17:06PM +0100, Janusz A. Urbanowicz wrote:
> It would be useful to have GPG http keyserver helper to announce itself in
> HTTP transaction using "User-Agent" field in request. Now this field is not
> sent (as it is not obligatory). This results in the following being recorded
> on the server side:
>
> host81-134-162-60.in-addr.btopenworld.com - - [24/Feb/2005:04:30:06 +0100]
> "GET /crypto/0x46399138.asc HTTP/1.0" 200 23855 "-" "-" 7 quiston.tpsa.com
> "-" "-"
>
> Also, announcing GPG version would be useful for tracking of versions
> proliferation.
I've always resisted this, using the logic that if a server operator
doesn't actually *need* to know the GnuPG version, why give it to
them? It's not a security-through-obscurity thing as the keyserver
code needs to be safe no matter what, but more of a need-to-know
thing. None of their business - if I wanted to have my version
tracked, I'd announce the version myself.
This is fine for HKP servers, none of which care if the User-Agent is
there, but I've recently heard reports of some free web services that
don't work with a blank User-Agent field. That would be a problem for
keyserver URLs pointing to a file on those servers. This violates
HTTP, of course, but good luck getting them to change.
David
More information about the Gnupg-devel
mailing list