Problems with HKPS pools (GPG 2.1.1)

Kristian Fiskerstrand kristian.fiskerstrand at sumptuouscapital.com
Fri Feb 13 15:08:50 CET 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 02/13/2015 01:30 PM, Adam Ehlers Nyholm Thomsen wrote:
> Dear GnuPG developers,
> 

Hi Adam,

> I tried setting my keyserver to hkps.pool.sks-keyservers.net and
> most times when trying to refresh keys I got:
> 
> gpg: refreshing 12 keys from hkps://hkps.pool.sks-keyservers.net 
> gpg: keyserver refresh failed: General error
> 
> Activating debugging for dirmngr there seemed to be a number of 
> different reasons for this, depending on which server dirmngr chose
> to contact.  However most of these seemed to be related to
> hostname verification.  Would it be possible to give a more
> meaningful error message so that this would be clearer to the
> user?
> 


Indeed, in particular the PTR lookup causes issues with hostname
validation as well as SNI. This has been discussed previously a few
times [0,1,2] and is on the roadmap for fixes in 2.1 [3]

References:
[0] http://lists.gnupg.org/pipermail/gnupg-devel/2014-May/028458.html
[1] http://lists.gnupg.org/pipermail/gnupg-users/2014-December/051901.html
[2] http://lists.gnupg.org/pipermail/gnupg-users/2014-November/051471.html
[3] https://gnupg.org/roadmap.html

- -- 
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Ab esse ad posse
- From being to knowing
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----
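An added example, not part of the original message or of GnuPG's code: a small model of why the refresh fails only for some pool members when the name used for SNI and certificate checking is the PTR name of the chosen address rather than the configured pool name. The addresses, PTR names and certificate SAN lists are constructed, and the model assumes each server presents the same certificate whatever SNI it receives.

```python
# Added illustration: addresses, PTR names and certificate contents are constructed.
POOL = "hkps.pool.sks-keyservers.net"  # pool name the user configured (from the thread)

# Constructed pool members: address -> (PTR name, SAN dNSNames of the cert served)
MEMBERS = {
    "192.0.2.10": ("keys.example.org", [POOL, "*.pool.sks-keyservers.net"]),
    "192.0.2.20": ("vps-20.hosting.example.net", [POOL]),
    "192.0.2.30": ("sks.example.com", [POOL, "sks.example.com"]),
}


def san_matches(reference, san):
    """RFC 6125-style match: case-insensitive, wildcard only as the whole left-most label."""
    ref = reference.lower().rstrip(".").split(".")
    pat = san.lower().rstrip(".").split(".")
    if len(ref) != len(pat):
        return False
    if pat[0] == "*":
        return len(pat) > 2 and ref[1:] == pat[1:]
    return ref == pat


def handshake_name(address, use_ptr):
    """Name sent as SNI and used as the reference identity for the certificate check."""
    return MEMBERS[address][0] if use_ptr else POOL


def verify(address, use_ptr):
    """Return (name used, whether the served certificate is valid for that name)."""
    name = handshake_name(address, use_ptr)
    return name, any(san_matches(name, san) for san in MEMBERS[address][1])


def refresh(use_ptr):
    """Return {address: (name, ok)} for every pool member."""
    return {addr: verify(addr, use_ptr) for addr in MEMBERS}


if __name__ == "__main__":
    for use_ptr in (True, False):
        print("verify against PTR name:" if use_ptr else "verify against pool name:")
        for addr, (name, ok) in refresh(use_ptr).items():
            print(f"  {addr} SNI={name} -> {'ok' if ok else 'hostname mismatch'}")
```

With the PTR name, only the member whose certificate happens to list its own hostname verifies, so the outcome depends on which address was picked; with the pool name, every member verifies.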



More information about the Gnupg-devel mailing list