RFC: retry keyservers without SRV

Luis R. Rodriguez mcgrof at kernel.org
Tue Nov 28 22:41:21 CET 2017


On Fri, Nov 24, 2017 at 11:12:15AM +0100, Werner Koch wrote:
> On Wed, 22 Nov 2017 19:04, mcgrof at kernel.org said:
> 
> > "though shall not skip SRV HKP". Why should we avoid simply DNS lookups
> > if all SRV HKP attempts fail? Currently we fail with a brutal and non-obvious
> > non-functional GPG for basic operations.
> 
> Because that is not the Right Thing to do.

Thanks, what sort of documentation exists where this is stated other than
in actual code?

*Why?*

> However, I can imagine an
> option --debug-no-srv-lookups.  You could use this as a workaround and
> we may use it to debug problems with SRV records.  The "debug" prefix
> would also clearly mark this as a non-standard option.

Given the above this makes perfect sense.

> > I'll keep on digging to root cause 1) by looking to see if there may be an
> > old dnsmasq bug, or "feature" / flag, but at this point I could not let
> > such an issue stall my work. Since I reflashed I now cannot reproduce the original
> > issue, but it would seem there are souls out there that also suffer from it.
> 
> Well, then updating the hardware would be better for everyone - most
> people would do that against ROCA anyway.

Sure, but given my little survey it would seem many more devices are affected,
so it does not seem to just be a one-off router, essentially completely disabling
PGP without any warning whatsoever to the user about the reason for the issue.

  Luis
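The behaviour argued about above, SRV-first lookup of `_hkp._tcp.<host>` with a plain-DNS fallback when every SRV attempt fails, plus a switch modelling the proposed `--debug-no-srv-lookups` workaround, written out as an added example. This is not GnuPG or dirmngr code; the resolver is injected as a callback and the SRV records below are constructed, so the logic runs offline.

```python
"""Added example: SRV-first keyserver resolution with a plain-DNS fallback.

Not GnuPG/dirmngr code.  The DNS resolver is a pluggable callback and the
records used here are constructed, so the example runs offline.
"""
import random
from typing import Callable, List, Tuple

HKP_DEFAULT_PORT = 11371  # conventional HKP port, used when no SRV record applies

# An SRV record as (priority, weight, port, target).  A resolver returns a list
# of these for a name, or raises LookupError when the name has no records.
SrvRecord = Tuple[int, int, int, str]
SrvResolver = Callable[[str], List[SrvRecord]]


def order_srv(records: List[SrvRecord], rng=random.random) -> List[SrvRecord]:
    """Order SRV records per RFC 2782: lowest priority first; within one
    priority class, targets are drawn randomly in proportion to their weight.
    `rng` is injectable so the selection is reproducible in tests."""
    ordered: List[SrvRecord] = []
    by_priority = {}
    for rec in records:
        by_priority.setdefault(rec[0], []).append(rec)
    for prio in sorted(by_priority):
        pool = list(by_priority[prio])
        while pool:
            total = sum(r[1] for r in pool)
            if total == 0:
                pick = pool[0]          # all weights zero: take them in record order
            else:
                threshold = rng() * total
                running = 0
                pick = pool[-1]
                for r in pool:
                    running += r[1]
                    if running >= threshold:
                        pick = r
                        break
            ordered.append(pick)
            pool.remove(pick)
    return ordered


def resolve_keyserver(host: str, srv_resolve: SrvResolver,
                      use_srv: bool = True, rng=random.random) -> List[Tuple[str, int]]:
    """Return the ordered (target, port) pairs to try for a keyserver.

    With use_srv=True an SRV lookup for _hkp._tcp.<host> is tried first.  If
    that lookup fails or yields nothing, fall back to the bare host name on the
    default HKP port.  use_srv=False skips SRV entirely, which is what the
    --debug-no-srv-lookups option discussed in the thread would do."""
    if use_srv:
        try:
            records = srv_resolve(f"_hkp._tcp.{host}")
        except LookupError:
            records = []
        if records:
            return [(target.rstrip("."), port)
                    for _, _, port, target in order_srv(records, rng)]
    return [(host, HKP_DEFAULT_PORT)]


# Constructed SRV data standing in for a real zone (hypothetical names).
CONSTRUCTED_SRV = {
    "_hkp._tcp.keys.example.org": [
        (10, 60, 11371, "ks1.example.org."),
        (10, 40, 11371, "ks2.example.org."),
        (20, 0, 80, "ks-backup.example.org."),
    ],
}


def constructed_resolver(name: str) -> List[SrvRecord]:
    """Offline stand-in for an SRV lookup over the constructed zone above."""
    try:
        return CONSTRUCTED_SRV[name]
    except KeyError:
        raise LookupError(name)


if __name__ == "__main__":
    print(resolve_keyserver("keys.example.org", constructed_resolver))
    print(resolve_keyserver("nosrv.example.org", constructed_resolver))
    print(resolve_keyserver("keys.example.org", constructed_resolver, use_srv=False))
```

With a deterministic `rng`, the weighted draw is reproducible: an rng returning 0.0 yields the 60-weight target first, one returning 0.99 yields the 40-weight target first, and the priority-20 backup always comes last. A host with no SRV records, or a call with `use_srv=False`, resolves straight to `(host, 11371)`.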
