hkps port

David Shaw dshaw at
Thu Apr 2 14:56:48 CEST 2009

On Apr 2, 2009, at 8:43 AM, Werner Koch wrote:

> On Thu,  2 Apr 2009 13:26, dshaw at said:
>> for all the problems.  Some sites can *only* connect over 443 because
>> of firewalling rules.  I'm rather liking Phil's SRV suggestion at the
> We have port 80 keyservers as well but they are not the default.  These
> keyservers exist because of the firewall problems.

> What about round robin DNS names: We could put the port 443 keyservers
> into - they are used by people with firewall
> problems and thus we can be quite sure that those firewalls will also
> allow port 443.  I think this is a less surprising way than to maintain
> another list of with the hkps servers which can't
> be bound to port 443.

I think this is a good idea and should be the standard practice.

> I have no problems with the SRV record suggestion, either.

Ideally, curl would support SRV internally.  It can do a better job
than we can do as a wrapper from outside, as it can properly walk the
list of returned servers until one answers.  The best we can do is do
a SRV lookup, run the selection algorithm, and then hope that the best
choice is actually running.  Still, it is better than nothing.  If I
had more spare time, I'd just write SRV for curl and donate it to them.
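The SRV lookup and selection described in the post, as an added example that is not part of the original thread and not code from GnuPG or curl: it implements the RFC 2782 try-order (ascending priority, weighted random draw without replacement within one priority, zero-weight entries placed first) over a constructed answer set for a hypothetical `_hkps._tcp.example.org` name, then walks that list until a target answers, which is the fallback behaviour the post says curl could provide internally. The record set, the host names and the `is_reachable` callback are assumptions; a real client would take the records from a resolver and replace the callback with an actual TLS connection attempt.

```python
import random
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class SrvRecord:
    """One SRV RR: priority (lower is tried first), weight (share within a
    priority), port, and target host."""
    priority: int
    weight: int
    port: int
    target: str


# Constructed answer set for a hypothetical "_hkps._tcp.example.org" lookup.
# The priority-20 entry stands in for an hkps server that cannot be bound to
# 443 and therefore serves only as a fallback.
CONSTRUCTED_HKPS_SRV: List[SrvRecord] = [
    SrvRecord(priority=10, weight=60, port=443, target="keys1.example.org"),
    SrvRecord(priority=10, weight=40, port=443, target="keys2.example.org"),
    SrvRecord(priority=20, weight=0, port=11371, target="keys3.example.org"),
]


def order_srv(records: List[SrvRecord], seed: Optional[int] = None,
              rng: Optional[random.Random] = None) -> List[SrvRecord]:
    """Return the records in RFC 2782 try-order.

    Priorities are visited in ascending order.  Within one priority the entries
    are drawn without replacement: zero-weight entries go first (so they win
    only on a roll of 0), a roll in 0..total (inclusive) is taken, and the
    first entry whose running weight sum reaches the roll is selected.
    """
    rng = rng if rng is not None else random.Random(seed)
    by_priority: Dict[int, List[SrvRecord]] = {}
    for rec in records:
        by_priority.setdefault(rec.priority, []).append(rec)

    ordered: List[SrvRecord] = []
    for prio in sorted(by_priority):
        # Stable sort: weight-0 entries (key False) come before the others.
        group = sorted(by_priority[prio], key=lambda r: r.weight != 0)
        while group:
            total = sum(r.weight for r in group)
            roll = rng.randint(0, total)
            running = 0
            chosen = group[-1]  # the last entry always satisfies running >= roll
            for rec in group:
                running += rec.weight
                if running >= roll:
                    chosen = rec
                    break
            ordered.append(chosen)
            group.remove(chosen)
    return ordered


def choose_keyserver(records: List[SrvRecord],
                     is_reachable: Callable[[str, int], bool],
                     seed: Optional[int] = None) -> Optional[SrvRecord]:
    """Walk the ordered list until one target answers; None if none does.

    This is the "try the next one" step the post says a wrapper around curl
    cannot do and curl itself could.  `is_reachable` is an assumed callback
    standing in for a real connection attempt.
    """
    for rec in order_srv(records, seed=seed):
        if is_reachable(rec.target, rec.port):
            return rec
    return None


def first_choice_share(records: List[SrvRecord], target: str,
                       trials: int = 1000, seed: Optional[int] = None) -> float:
    """Fraction of orderings in which `target` is tried first; used to check
    that the weights actually steer the load as intended."""
    rng = random.Random(seed)
    hits = sum(1 for _ in range(trials)
               if order_srv(records, rng=rng)[0].target == target)
    return hits / trials


if __name__ == "__main__":
    # Pretend the two port-443 servers are down and only the fallback answers.
    down = {("keys1.example.org", 443), ("keys2.example.org", 443)}
    for rec in order_srv(CONSTRUCTED_HKPS_SRV, seed=1):
        print(f"try {rec.target}:{rec.port} (prio {rec.priority}, weight {rec.weight})")
    print("chosen:", choose_keyserver(CONSTRUCTED_HKPS_SRV,
                                      lambda h, p: (h, p) not in down, seed=1))
```

With the constructed weights 60/40, the first server is tried first in roughly 60% of orderings, and the zero-weight priority-20 entry is always last, which is exactly the property an operator wants when the port-443 pool is the one firewalled clients can actually reach.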
