gpg --refresh with large keyrings and hkps in 2.1.1

Werner Koch wk at gnupg.org
Wed Apr 22 10:04:04 CEST 2015


On Mon, 20 Apr 2015 14:03, guilhem at fripost.org said:

> That would be awesome!  Please beware DNS leaks, though.  Also, do you

DNS leaks are a problem right now.  Dirmngr does its own resolving to
be able to detect and then bypass dead keyservers in the pool.  Thus we
need to find a way to get all A and AAAA records for a given pool name
as well as to retrieve PTR records for the IP addresses.  Any hints on
how to do that without extra configuration work for the user?

It would also be useful to be able to fetch CERT records anonymously.
However this is a different problem and can be mitigated by other methods
of key lookup.  If we add a --use-tor option it should disable all CERT
or DANE lookups.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.



