RFC: retry keyservers witout SRV
Werner Koch
wk at gnupg.org
Fri Nov 24 11:12:15 CET 2017
On Wed, 22 Nov 2017 19:04, mcgrof at kernel.org said:
> "though shall not skip SRV HKP". Why should we avoid simply DNS lookups
> if all SRV HKP attempts fail? Currently we fail with a brutal and non-obvious
> non-functional GPG for basic operations.
Because that is not the Right Thing to do. However, I can imagine an
option --debug-no-srv-lookups. You could use this as a workaround and
we may use it to debug problems with SRV records. The "debug" prefix
would also clearly mark this as a non-standard option.
> I'll keep on digging to root cause 1) by looking to see if there may be an
> old dnsmasq bug, or "feature" / flag, but at this point I could not let
> such issue stall my work, since I reflashed I now cannot reproduce the original
> issue but it would seem there a souls out there that also suffer from it.
Well, then updating the hardware would be better for everyone - most
people would do that against ROCA anyway.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20171124/f0a36679/attachment-0001.sig>
More information about the Gnupg-devel
mailing list