RFC: retry keyservers witout SRV

Werner Koch wk at gnupg.org
Fri Nov 24 11:12:15 CET 2017


On Wed, 22 Nov 2017 19:04, mcgrof at kernel.org said:

> "though shall not skip SRV HKP". Why should we avoid simply DNS lookups
> if all SRV HKP attempts fail? Currently we fail with a brutal and non-obvious
> non-functional GPG for basic operations.

Because that is not the Right Thing to do.  However, I can imagine an
option --debug-no-srv-lookups.  You could use this as a workaround and
we may use it to debug problems with SRV records.  The "debug" prefix
would also clearly mark this as a non-standard option.

> I'll keep on digging to root cause 1) by looking to see if there may be an
> old dnsmasq bug, or "feature" / flag, but at this point I could not let
> such issue stall my work, since I reflashed I now cannot reproduce the original
> issue but it would seem there a souls out there that also suffer from it.

Well, then updating the hardware would be better for everyone - most
people would do that against ROCA anyway.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20171124/f0a36679/attachment-0001.sig>


More information about the Gnupg-devel mailing list