Dirmngr now supports hkps
Werner Koch
wk at gnupg.org
Thu May 15 12:07:37 CEST 2014
Hi,

thanks for the comments.  To get things straight, let me summarize my understanding:

For plain HTTP:

- No change to the current code

or

- Resolve the name while following CNAME records to get a list of IP
  addresses.  Then connect to any server at its IP address but use the
  canonical name of the pool (the one which yields the AAAA records)
  for the Host: header.

For HTTPS:

- Resolve the name while following CNAME records to get a list of IP
  addresses.  Then connect to any server at its IP address but use the
  canonical name of the pool (the one which yields the AAAA records)
  for the Host: header.  Use that Host: header name also for SNI.

In all cases make this the default behaviour if hkp or hkps is
used for the keyserver URL.  If http or https is used, do the same or
use a different approach (e.g. let the DNS resolver decide)?

Use of SRV records is subject to bug 1447 and will be fixed in a second
step?

Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
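
The HTTPS variant summarized in the message above, sketched as an added example (not part of the original post and not Dirmngr's code). The zone data, the function names and the default port 443 are assumptions made for illustration.

```python
import socket
import ssl

# Constructed sample records (not real DNS data):
# name -> ("CNAME", target) or ("ADDR", [addresses])
SAMPLE_ZONE = {
    "keys.example.org": ("CNAME", "pool.example.net"),
    "pool.example.net": ("CNAME", "hkps.pool.example.net"),
    "hkps.pool.example.net": ("ADDR", ["2001:db8::10", "192.0.2.10", "192.0.2.11"]),
}

def resolve_pool(name, zone, max_hops=8):
    """Follow CNAME records; return (canonical_name, addresses)."""
    seen = set()
    current = name.rstrip(".").lower()
    for _ in range(max_hops):
        if current in seen:
            raise ValueError("CNAME loop at " + current)
        seen.add(current)
        rtype, data = zone.get(current, ("ADDR", []))
        if rtype == "ADDR":
            if not data:
                raise LookupError("no address records for " + current)
            return current, list(data)
        current = data.rstrip(".").lower()
    raise ValueError("CNAME chain longer than %d hops" % max_hops)

def connection_plan(name, zone, tls):
    """One entry per pool member: connect by IP, name the canonical host."""
    canonical, addresses = resolve_pool(name, zone)
    return [{"connect_to": ip,
             "host_header": canonical,             # used for plain HTTP and HTTPS
             "sni": canonical if tls else None}    # SNI only applies to TLS
            for ip in addresses]

def open_tls(entry, port=443, timeout=10):
    """Connect to the IP; SNI and certificate check use the canonical name."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    raw = socket.create_connection((entry["connect_to"], port), timeout=timeout)
    return ctx.wrap_socket(raw, server_hostname=entry["sni"])

if __name__ == "__main__":
    for entry in connection_plan("keys.example.org", SAMPLE_ZONE, tls=True):
        print(entry)
```

In this scheme the name checked against the certificate is the one the resolver returned, not the one in the keyserver URL, so the check is only as trustworthy as the CNAME resolution.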