[Feature request] send a user agent in hkp request

Fabian Keil freebsd-listen at fabiankeil.de
Mon Feb 4 19:00:28 CET 2013


John Clizbe <John at enigmail.net> wrote:

> Fabian Keil wrote:
> > David Shaw <dshaw at jabberwocky.com> wrote:
> >> On Jan 27, 2013, at 5:33 AM, jbar <jeanjacquesbrucker at gmail.com> wrote:
> >>> It should not be a big job, but it could be great to send an HTTP
> >>> user-agent within hkp request (to search, receive and send keys from/to a key
> >>> keyserver).
> >> 
> >> Not passing a user-agent is actually intentional behavior. Unlike some
> >> sites which may want to behave differently for different user-agents, you get
> >> the same key blob no matter who (or what) is making the request. Given this,
> >> there is no real reason beyond tracking and statistics gathering to send a
> >> user-agent string, so we don't, as it is really nobody's business what client
> >> you are using.
> > 
> > An advantage of sending a User-Agent is that it allows the proxy
> > to easily differentiate gpg from other clients to route the
> > requests differently.
> 
> Since all HKP requests are under /pks, I really don't see how a User-Agent
> string would help differentiate them. Also the default port for HKP traffic is
> 11371, that alone should be enough for a proxy at the client end.
> 
> > For example I do not want my gpg requests to share a Tor circuit
> > with my feed reader or web browser and a "User-Agent: GnuPG"
> > header would make this easier, IMHO without disclosing too much
> > information.
> 
> Easier than port 11371? There's only an issue if you're sending HKP traffic on
> port 80.

I also access key servers with my browser and the URLs
contain ":11371/pks/" as well.

Additionally, speculating based on the URL would be less reliable
and I'd prefer using the same detection method for all clients.

> > "Detecting" gpg by looking for requests without a User-Agent header
> > only works as long as no other client sends no User-Agent header
> > either.
> 
> Keyserver requests from gpg are handled no differently than requests from PGP
> or any other client. They are easily identified by being on port 11371 and/or
> being under /pks.
 
I was referring to the gpg detection on the proxy. I don't use PGP,
but if I was, I'd probably prefer to let the proxy handle its requests
differently than gpg's.

Fabian
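
Added example, not part of the original message and not GnuPG or proxy project code: a Python sketch of the three client-detection methods argued over in this thread (port/path, missing User-Agent header, explicit "User-Agent: GnuPG"), run over constructed proxy requests. The hostnames, key ID, routing group labels and the feed reader that omits User-Agent are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def parse_request(raw: bytes):
    """Parse an absolute-form (proxy) HTTP request head into (port, path, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    _method, target, _version = request_line.split(" ", 2)
    url = urlsplit(target)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return url.port or 80, url.path, headers

# Each detector returns a routing group label (labels are hypothetical).
def by_port_and_path(raw):
    port, path, _ = parse_request(raw)
    return "keyserver" if port == 11371 or path.startswith("/pks/") else "default"

def by_missing_user_agent(raw):
    return "gpg" if "user-agent" not in parse_request(raw)[2] else "default"

def by_user_agent(raw):
    ua = parse_request(raw)[2].get("user-agent", "")
    return "gpg" if ua.split("/")[0].strip() == "GnuPG" else "default"

# Constructed sample requests (hosts and key ID are placeholders).
LOOKUP = b"GET http://keys.example.net:11371/pks/lookup?op=get&search=0xDEADBEEF HTTP/1.1\r\n"
SAMPLES = {
    "gpg, no User-Agent": LOOKUP + b"Host: keys.example.net:11371\r\n\r\n",
    "gpg, proposed header": LOOKUP + b"Host: keys.example.net:11371\r\nUser-Agent: GnuPG\r\n\r\n",
    "browser on keyserver": LOOKUP + b"Host: keys.example.net:11371\r\nUser-Agent: Mozilla/5.0\r\n\r\n",
    "feed reader, no User-Agent": b"GET http://feeds.example.org/atom.xml HTTP/1.1\r\nHost: feeds.example.org\r\n\r\n",
}

def compare():
    """Return {sample: (port/path group, missing-UA group, explicit-UA group)}."""
    return {name: (by_port_and_path(raw), by_missing_user_agent(raw), by_user_agent(raw))
            for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, groups in compare().items():
        print(f"{name:28} {groups}")
```

On these samples the port/path rule puts the browser's keyserver visit in the same group as gpg, and the missing-header rule puts the header-less feed reader in the gpg group. Only the explicit header separates gpg from both.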


More information about the Gnupg-devel mailing list