RFC: retry keyservers without SRV
Luis R. Rodriguez
mcgrof at kernel.org
Tue Nov 28 22:41:21 CET 2017
On Fri, Nov 24, 2017 at 11:12:15AM +0100, Werner Koch wrote:
> On Wed, 22 Nov 2017 19:04, mcgrof at kernel.org said:
>
> > "thou shall not skip SRV HKP". Why should we avoid simply DNS lookups
> > if all SRV HKP attempts fail? Currently we fail with a brutal and non-obvious
> > non-functional GPG for basic operations.
>
> Because that is not the Right Thing to do.
Thanks, what sort of documentation exists where this is stated other than
in actual code?
*Why?*
> However, I can imagine an
> option --debug-no-srv-lookups. You could use this as a workaround and
> we may use it to debug problems with SRV records. The "debug" prefix
> would also clearly mark this as a non-standard option.
Given the above this makes perfect sense.
> > I'll keep on digging to root cause 1) by looking to see if there may be an
> > old dnsmasq bug, or "feature" / flag, but at this point I could not let
> > such an issue stall my work, since I reflashed I now cannot reproduce the original
> > issue but it would seem there are souls out there that also suffer from it.
>
> Well, then updating the hardware would be better for everyone - most
> people would do that against ROCA anyway.
Sure, but given my little survey it would seem many more devices are affected,
so it does not seem to just be a one-off router, essentially completely disabling
PGP without any warning whatsoever to the user about the reason for the issue.
Luis