The --use-tor option

Daniel Kahn Gillmor dkg at
Tue Oct 20 20:11:40 CEST 2015

On Tue 2015-10-20 13:31:58 -0400, malte at wrote:
> Quoting Daniel Kahn Gillmor (2015-10-20 16:57:53)
>> On Mon 2015-10-19 10:54:49 -0400, Malte wrote:
>> > On Monday 19 October 2015 15:03 Werner Koch wrote:
>> >
>> >> This is not complete because DNS lookups are leaking.  This could be
>> >> fixed […]
>> >
>> > Maybe Kristian Fiskerstrand would be willing to set up an Onion Service for 
>> > the SKS-Pool that could be used by default?
>> I don't think this makes much sense -- there are already keyservers that
>> offer hidden services (e.g. qdigse2yzvuglcix.onion), but they are
>> individual keyservers.
> Ok. Then let's use that one. My main concern was the DNS resolution
> problem.

Well, that's just one individual keyserver.  If you configure that one
and it dies you've gotta change your settings.  A pool has the usual
advantages of failover, etc.

Given that hidden services have the name bound to the public key, i'm
not sure how you'd operate a hidden service pool without sharing the
associated secret key among all hosts.  Has anyone done any research on
high-availability hidden services?


More information about the Gnupg-devel mailing list