Fwd: Re: The --use-tor option

Ivan Markin twim at riseup.net
Tue Oct 20 23:55:07 CEST 2015


Werner Koch:
> On Tue, 20 Oct 2015 20:09, twim at riseup.net said:
> 
>> What I'm trying to say is that you're dealing with IPv4/IPv6 addresses,
>> trying to resolve domain names, etc. in your code.  When you delegate
> 
> Need to do that to better handle the keyservers in the pools.  Without
> that feature a dead keyserver cannot be detected or replaced by a
> different one. 

I didn't mean that you should eliminate all of this code :). To me it
sounds reasonable to move this code to a 'clearnet' module. For a 'tor'
module there will be different code to manage keyservers in the pools.
Like Jacob said before, in the Tor case it can be OnionBalance to manage
keyservers. To test availability, at least you can fetch the HS descriptor
and look at the "current-time" and "time-period" fields.

In the case of 'network modules', you'll use Tor on a high level and be able
to add keyserver management/keyserver setup on top of it.
[I confess that there are no Stem bindings. Yet]

>> this stuff to some library your code becomes platform independent and
>> easier to maintain. So this pluggable network module could be anything
> 
> That is called dirmngr ;-).  You can even script that
> 
>   $ gpg-connect-agent --dirmngr \
>       '/datafile -' 'dns_cert --dane wk at gnupg.org' /bye >1e42b367.pub

dirmngr is too GnuPG-specific, so I can't use it for my chat app, for
example. What is the reason to reimplement it for each app (I mean what
you're going to implement :) )?


btw, this script doesn't work for me.
-- 
Ivan Markin
