use-tor should not imply allow-version-check

Werner Koch wk at
Tue Jan 3 13:28:01 CET 2017

On Mon,  2 Jan 2017 18:48, steven at said:

> That doesn't really explain why enabling tor *should* imply update
> checks. I use a GNU/Linux distribution so I get all my updates through

It is the other way around: GnuPG does update its copy of the software
version database by default.  However, for privacy reasons it can do this
only if that does not leak the IP address.  With Tor this is asserted.
Without Tor this is not possible and like we have always done for
features (e.g. OCSP) the user is required to enable an option.

> Maybe it's not the update check? Dirmngr has been periodically opening
> direct TCP connections to on port 443 even when `use-tor`

I can't replicate that.  I tested with "use-tor" and Tor running and Tor
not running.  All worked as expected: I can see traffic to ("tcpick -i eth0 -C -yP -h 'host'") only
when use-tor is not active.  I have not tested with running the
TorBrowser only, though.

Note that is currently a CNAME to

However, while testing I noticed that when you add "use-tor" to
dirmngr.conf and SIGHUP dirmngr (e.g. "gpgconf --reload dirmngr"), Tor
is indeed not used for DNS.  This has been fixed today.



Thoughts are free.  Exceptions are regulated by a federal law.
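
An added example, not part of the original message and not GnuPG code: a small audit function that reads a dirmngr.conf and reports how the version check described above would reach the network. It assumes only the two options named in this thread decide the outcome; the function name and result labels are hypothetical.

```shell
#!/bin/sh
# Classify the software-version check for one dirmngr.conf, following the
# rule stated in the message (assumption: only these two options matter):
#   use-tor present             -> "tor"      (check runs, routed via Tor)
#   allow-version-check present -> "direct"   (check runs, IP address visible)
#   neither                     -> "disabled" (no version-check traffic)
# version_check_mode is a hypothetical helper name, not a GnuPG tool.
version_check_mode() {
    conf=$1
    # A missing or unreadable file means dirmngr runs with its defaults.
    [ -r "$conf" ] || { echo "disabled"; return 0; }
    awk '
        $1 ~ /^#/                   { next }     # comment line
        $1 == "use-tor"             { tor = 1 }
        $1 == "allow-version-check" { avc = 1 }
        END {
            if (tor)      print "tor"
            else if (avc) print "direct"
            else          print "disabled"
        }
    ' "$conf"
}

# Report every config file given on the command line, e.g.
#   sh check.sh /home/*/.gnupg/dirmngr.conf
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(version_check_mode "$f")"
done
```

The result reflects the file only, not the state of a running dirmngr; the message reports a case where a reloaded dirmngr did not use Tor for DNS.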