Dirmngr now supports hkps
Werner Koch
wk at gnupg.org
Wed May 7 20:51:07 CEST 2014
On Wed, 7 May 2014 18:17, kristian.fiskerstrand at sumptuouscapital.com said:
> (i) as tmphost is derived from getnameinfo, the PTR record will be
> used. A concrete example would be sks.karotte.org that resolves to
> 176.9.51.79 which has a PTR of alita.karotte.org. However no keyserver
> is configured on [2] as the expected host is [3]. So trying to grab a
> key will fail.
I considered that but first wanted to implement what I think is the
Right Thing; i.e. I assumed properly configured servers and admins with
full access to the DNS zones.
> have an issue in the situation where using the CN directly the server
> might be presenting a self-signed / corporate signed certificate for
> SNI == CN. In this case we will have a server authentication error
Hmmm.
> I strongly suggest using the original hostname provided as SNI when
> performing keyserver lookups, this is also consistent with current
Okay. What about a dirmngr option to enable or disable the use of the
pool name?
Shalom-Salam,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
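
The two naming choices discussed in this message, as an added Python example (not part of the original mail and not dirmngr's code): the name sent as SNI and checked against the certificate is either the host the user asked for or the PTR name of the resolved address. plan_members, connect_member, use_pool_name and the sample_* DNS stand-ins are hypothetical names; the sample data reuses the host names quoted above.

```python
import socket
import ssl


def plan_members(host, port, use_pool_name=True,
                 resolve=socket.getaddrinfo, reverse=socket.getnameinfo):
    """Return [(sockaddr, tls_name)] for every address behind `host`.

    tls_name is what gets sent as SNI and verified against the certificate.
    """
    plan = []
    for _fam, _type, _proto, _canon, sockaddr in resolve(
            host, port, type=socket.SOCK_STREAM):
        tls_name = host
        if not use_pool_name:
            try:
                # PTR-derived name, as getnameinfo() gives in the quoted report.
                tls_name = reverse(sockaddr, socket.NI_NAMEREQD)[0]
            except socket.gaierror:
                pass  # no PTR record: keep the name the user asked for
        plan.append((sockaddr, tls_name))
    return plan


def connect_member(sockaddr, tls_name, cafile=None, timeout=10):
    """Open a certificate-verified TLS connection to one pool member."""
    ctx = ssl.create_default_context(cafile=cafile)  # check_hostname is on
    raw = socket.create_connection(sockaddr[:2], timeout=timeout)
    try:
        # Connect to the resolved IP, but present and verify tls_name.
        return ctx.wrap_socket(raw, server_hostname=tls_name)
    except Exception:
        raw.close()
        raise


# Constructed stand-ins for DNS so the example runs offline.
def sample_resolve(host, port, type=0):
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", ("176.9.51.79", port))]


def sample_reverse(sockaddr, flags):
    return ("alita.karotte.org", str(sockaddr[1]))


if __name__ == "__main__":
    for pool in (True, False):
        print(pool, plan_members("sks.karotte.org", 443, pool,
                                 sample_resolve, sample_reverse))
```

With use_pool_name=False the TLS name becomes the PTR name, which is the case the quoted report describes as failing when the server's virtual host and certificate are set up for the requested name.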