Dirmngr now supports hkps

Kristian Fiskerstrand kristian.fiskerstrand at sumptuouscapital.com
Thu May 15 17:50:17 CEST 2014


On 05/15/2014 12:07 PM, Werner Koch wrote:
> Hi,
> 
> thanks for the comments.  To get things straight, let me summarize
> my understanding:
> 
> For plain HTTP:
> 
> - No change to the current code
> 
> or
> 
> - Resolve the name while following CNAME records to get a list of
> IP addresses.  Then connect to any server at its IP address but use
> the canonical name of the pool (the one which yields the AAAA
> records) for the Host: header.
> 
> 
> For HTTPS:
> 
> - Resolve the name while following CNAME records to get a list of
> IP addresses.  Then connect to any server at its IP address but use
> the canonical name of the pool (the one which yields the AAAA
> records) for the Host: header.  Use that Host: header name also for
> SNI.
> 
> 
> In all cases make this the default behaviour if the hkp or the hkps
> is used for the keyserver URL.  If http or https is used, do the
> same or use a different approach (e.g. let the DNS resolver
> decide)?

I'd expect the same issues wrt Host: (for virtual hosting sites) for
http and https, as well as SNI for the latter for these protocols as
for hkp(s). The rest sounds good to me.


> 
> Use of SRV records is subject to bug 1447 and will be fixed in a
> second step?

This is indeed currently disabled in the pool so it won't create an
issue in the short term and can be postponed to get a working beta out
from my point of view.


-- 
----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"We can only see a short distance ahead, but we can see plenty there
that needs to be done."
(Alan Turing)
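The scheme summarized in the quoted message (follow CNAMEs, connect to a pool member by IP, name the canonical pool host in Host: and SNI), as an added example that is not part of the original thread and is not dirmngr's code. DNS is simulated with a constructed table; `ZONE`, the example.org/example.net names and all function names are assumptions made for illustration.

```python
import socket
import ssl

# Constructed DNS data for illustration (documentation names and address ranges).
ZONE = {
    "keys.example.org": {"CNAME": "pool.example.net"},
    "pool.example.net": {"A": ["192.0.2.10", "192.0.2.11"], "AAAA": ["2001:db8::10"]},
}

def resolve_pool(name, zone, max_hops=8):
    """Follow CNAME records; return (canonical_name, [ip, ...])."""
    seen = set()
    for _ in range(max_hops):
        key = name.rstrip(".").lower()
        if key in seen:
            raise ValueError("CNAME loop at " + key)
        seen.add(key)
        rec = zone.get(key)
        if rec is None:
            raise LookupError("no records for " + key)
        if "CNAME" in rec:
            name = rec["CNAME"]
            continue
        return key, rec.get("AAAA", []) + rec.get("A", [])
    raise ValueError("CNAME chain too long")

def plan(url_host, port, zone, tls):
    """One entry per pool member: dial the IP, name the pool in Host: and SNI."""
    canon, addrs = resolve_pool(url_host, zone)
    default_port = 443 if tls else 80
    host_hdr = canon if port == default_port else "%s:%d" % (canon, port)
    return [{"connect": (ip, port), "host": host_hdr, "sni": canon} for ip in addrs]

def request_bytes(entry, path):
    return ("GET %s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n"
            % (path, entry["host"])).encode("ascii")

def open_tls(entry, timeout=10):
    """Connect to the chosen IP; the certificate is verified against the pool name."""
    ctx = ssl.create_default_context()  # hostname checking and CERT_REQUIRED are on
    raw = socket.create_connection(entry["connect"], timeout=timeout)
    try:
        return ctx.wrap_socket(raw, server_hostname=entry["sni"])
    except Exception:
        raw.close()
        raise
```

Because `server_hostname` carries the pool name rather than the IP address, the same value drives both the SNI extension and certificate hostname verification, so connecting by address does not weaken the TLS check.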


