gpg --refresh with large keyrings and hkps in 2.1.1

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Dec 18 01:17:30 CET 2014 

Hi Phil--

On 12/16/2014 09:58 PM, Phil Pennock wrote:
> Does the same happen with an hkp keyserver?  You don't explicitly note
> that you see things proceed further with hkp, which would lead to
> knowing if the problem is with key sizes (on particular key, which you
> see 83 keys into your keyring) or with TLS.

sorry, i should have mentioned this -- i have no problems with hkp, the
full keyring refreshes.

> If you only see this with TLS, are you able to get a pcap capture of
> what's happening and get a protocol trace?

i've gotten a pcap capture, but it's large (20MiB, 2408 packets, 22 TCP
sessions for a query that fails 20 keys into the refresh) and encrypted,
of course :/

Any suggestions for how to reduce its size to something more managable?

> Things which come to mind as avenues for investigation, assuming
> TLS-specific:
> 
>  * TLS session renegotiation and whether or not the GnuTLS integration
>    in GnuPG is missing some callback to allow this

I'm not seeing any session resumption on any of the 22 TCP sessions in
the packet capture.

>  * keyserver TLS proxy size limits, hitting some particular caching
>    limit in size which fits in memory in a common configuration

i guess i'd need to turn on server-side logging on the keyserver i'm
testing to catch that case, but it doesn't seem to line up with
kristian's report of it changing depending on what network he used.

>  * Whether or not smaller keys kept you from reaching MTU-sized packets
>    and something bad is happening locally for you with timeouts during
>    Path MTU Discovery, only kicking in once the flows are large enough
>    inbound

the MTU i'm seeing is F=1500 at the first hop (based on my running
"traceroute --mtu keys2.kfwebs.net")

> The webpage <http://sks.spodhuis.org/sks-peers> is very ugly, but does
> at least show you in-line in the table what the Via: header is (and the
> Server: header too).  It might be worth selecting a host each with
> "nginx", "Apache", "lighttpd", "Squid", "xs-httpd" and "HAProxy" as the
> TLS provider on the server-side.  This will at least let you rule out
> client/server TLS interop issues.  You'll probably need to coerce the
> hostname to be the pool server, though, to get a validatable certificate
> presented to you.  Might be easiest to just hack /etc/hosts around as
> needed.

well, i've seen failures with the two that i've tested so far:
keys.mayfirst.org (zimmermann.mayfirst.org), which is nginx + sks 1.1.5
and keys2.kfwebs.net, which doesn't indicate what its proxy mechanism is
in that table.

any other suggestions to help with the debugging would be welcome!

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20141217/005f86b2/attachment.sig>

More information about the Gnupg-devel mailing list