Dirmngr now supports hkps

Werner Koch wk at gnupg.org
Thu May 15 12:07:37 CEST 2014


Hi,

thanks for the comments.  To get things straight, let me summarize my understanding:

For plain HTTP:

  - No change to the current code

 or

  - Resolve the name while following CNAME records to get a list of IP
    addresses.  Then connect to any server at its IP address but use the
    canonical name of the pool (the one which yields the AAAA records)
    for the Host: header.
 

For HTTPS:

  - Resolve the name while following CNAME records to get a list of IP
    addresses.  Then connect to any server at its IP address but use the
    canonical name of the pool (the one which yields the AAAA records)
    for the Host: header.  Use that Host: header name also for SNI.
  

In all cases make this the default behaviour if the hkp or the hkps is
used for the keyserver URL.  If http or https is used, do the same or
use a different approach (e.g. let the DNS resolver decide)?

Use of SRV records is subject to bug 1447 and will be fixed in a second
step?


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
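
The connection scheme summarized in the message above, as an added Python example that is not part of the original mail or of dirmngr's code. The zone data, host names and function names are constructed for illustration; note that Python's `server_hostname` sets the SNI name and is also the name the certificate is checked against.

```python
import socket
import ssl

# Constructed sample records (documentation names and addresses, not real DNS data).
SAMPLE_ZONE = {
    "keys.example.org": {"CNAME": "pool.example.net"},
    "pool.example.net": {"AAAA": ["2001:db8::10", "2001:db8::11"],
                         "A": ["192.0.2.10"]},
}

def resolve_pool(name, zone, max_hops=8):
    """Follow CNAME records; return (canonical_name, [ip, ...])."""
    seen = set()
    for _ in range(max_hops):
        name = name.rstrip(".").lower()
        if name in seen:
            raise ValueError("CNAME loop at " + name)
        seen.add(name)
        rrset = zone.get(name, {})
        if "CNAME" in rrset:
            name = rrset["CNAME"]          # keep following the alias chain
            continue
        ips = rrset.get("AAAA", []) + rrset.get("A", [])
        if not ips:
            raise LookupError("no address records for " + name)
        return name, ips                   # the name that yields the addresses
    raise ValueError("CNAME chain too long")

def connection_plan(url_host, zone, https):
    """One entry per pool member: dial the IP, present the canonical pool name."""
    canonical, ips = resolve_pool(url_host, zone)
    return [{"connect_to": ip,
             "host_header": canonical,
             "sni": canonical if https else None} for ip in ips]

def open_pool_connection(ip, canonical, port=443, timeout=10):
    """Dial the IP address; use the canonical name for SNI and certificate checks."""
    ctx = ssl.create_default_context()     # verifies chain and host name
    sock = socket.create_connection((ip, port), timeout=timeout)
    try:
        return ctx.wrap_socket(sock, server_hostname=canonical)
    except Exception:
        sock.close()
        raise

if __name__ == "__main__":
    for entry in connection_plan("keys.example.org", SAMPLE_ZONE, https=True):
        print(entry)
```

The CNAME chain is taken from DNS answers, so the canonical name used for SNI and certificate matching is only as trustworthy as the resolver path that supplied it.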



