adns and TOR

Ian Jackson ijackson at chiark.greenend.org.uk
Tue Oct 20 17:11:43 CEST 2015


Werner Koch writes ("adns and TOR"):
> [stuff]
...
> With the standard resolver this is not possible.  Adding a full-fledged
> resolver library to Dirmngr is overkill and we will likely run into
> problems under Windows.  My idea is to make use of the ADNS library.  A
> quick check showed that it is not too much work to add SOCKS5 support
> (to access TOR) and a flag to enable this.
...
> Unfortunately back then the ADNS author did not like the use of
> autotools and was not genuinely interested in Windows support.

I'm afraid that my enthusiasm for Windows support is still quite low.
In particular, I definitely don't want to deal with libtool, nor with
automake.

>  - Check with upstream ADNS whether adding SOCKS5 support and a TOR flag
>    would be accepted, develop that, and keep the APIs of my
>    (Windows) port and upstream in sync.

I would prefer this.

I'm hoping that we can reasonably quickly converge on an appropriate
API for adns.  I don't feel I understand the TOR constraints and
architecture well enough to have a good opinion yet.

So I am going to ask some questions which may seem foolish.


> Meanwhile I implemented a Tor mode to my ADNS version: 
>   http://git.gnupg.org/cgi-bin/gitweb.cgi?p=adns.git;a=commit;h=56eef0afa4c01d2352f8b671a9b22405dc8119db

I'm afraid this commit is very hard to read in your gitweb due to all
the whitespace change noise.

> Do you have an interest to add it to upstream or can we agree on
> a flag value to be used for such a feature?  I use this:

I am not opposed to supporting SOCKS.  But I don't understand why so
much of this has to be done in adns.  Can't SOCKS provide `connect' ?
Is there not some library with the SOCKS protocol client ?

> - adns_if_checkc_freq= 0x0300 /* consistency checks very frequently (slow!) */
> + adns_if_checkc_freq= 0x0300,/* consistency checks very frequently (slow!) */
> + adns_if_tormode=     0x1000 /* route all trafic via TOR.  */
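Review bot: The comment on the added adns_if_tormode line says only "route all trafic via TOR" and leaves the flag's contract undocumented. It should state whether a lookup fails or falls back to direct queries when the proxy cannot be reached, because a caller that sets this flag is relying on no query leaving outside Tor. "trafic" should also be "traffic". The value 0x1000 skips 0x0400 and 0x0800 after adns_if_checkc_freq; if that gap is deliberate, to leave room for upstream flags, a short comment saying so would help keep the two APIs in sync.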

Also, I don't understand why it isn't better to use adns_init_strcfg.
Do we want other random utilities, eg command line utilities, to be
able to use the socksified adns ?

And I don't understand why it is a good idea to teach adns about TOR
rather than to have the next-layer-up TOR things know about that.
But perhaps I don't understand how the TOR client software is
structured.  If you point me to something where I could do some
reading, I'm happy to read up on it.

Thanks,
Ian.



More information about the Gnupg-devel mailing list