a small feature request

David Shaw dshaw at jabberwocky.com
Thu Feb 24 15:24:52 CET 2005


On Thu, Feb 24, 2005 at 12:17:06PM +0100, Janusz A. Urbanowicz wrote:
> It would be useful to have GPG http keyserver helper to announce itself in
> HTTP transaction using "User-Agent" field in request. Now this field is not
> sent (as it is not obligatory). This results in the following being recorded
> on the server side:
> 
> host81-134-162-60.in-addr.btopenworld.com - - [24/Feb/2005:04:30:06 +0100]
>   "GET /crypto/0x46399138.asc HTTP/1.0" 200 23855 "-" "-" 7 quiston.tpsa.com
>   "-" "-"
>
> Also, announcing GPG version would be useful for tracking of versions 
> proliferation.

I've always resisted this, using the logic that if a server operator
doesn't actually *need* to know the GnuPG version, why give it to
them?  It's not a security-through-obscurity thing as the keyserver
code needs to be safe no matter what, but more of a need-to-know
thing.  None of their business - if I wanted to have my version
tracked, I'd announce the version myself.

This is fine for HKP servers, none of which care if the User-Agent is
there, but I've recently heard reports of some free web services that
don't work with a blank User-Agent field.  That would be a problem for
keyserver URLs pointing to a file on those servers.  This violates
HTTP, of course, but good luck getting them to change.

David



More information about the Gnupg-devel mailing list