HKP and firewalls

udo 'mju' fleckenstein udo.fleckenstein@arcor.de
Tue Apr 8 11:42:47 2003 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Heiko,

| How works a http(port80)proxy with port of hkp?

use "keyserver-options honor-http-proxy" in your gpg.conf
set the environmeny variable http_proxy accordingly, i.e.
set http_proxy=http://proxy:3128
~                      ^^^^^ ^^^^^
~                        |     + proxy port
~                        + proxy host

| How get it (the http-proxy) the dns-information, if it think it can't
| contact the port 11371?

it'll ask it's dns-server (independently to the port-question - dns and
port do not depend on each other, at least not in your scenario)

| Who has a working combination of only-proxy-allow firewall with
| http-proxy (Squid) and enigmail (on windows) for the communication? -

well, try the following:
rem should fail, to be sure we're doing it right later on
gpg --recv-keys 0x259C3499

set http_proxy=http://your.proxy.host:port

rem to be sure the honor-http-proxy (and keyserver) option is set
find "keyserver" c:/path/to/your/gpg.conf

|>---------- c:/path/to/your/gpg.conf
|>keyserver x-hkp://blackhole.pca.dfn.de
|>keyserver-options auto-key-retrieve
|>keyserver-options honor-http-proxy

rem should work now, if you've access to the proxy-logs there should be
rem a log entry like:
rem [...] TCP_MISS/200 1745 GET
http://blackhole.pca.dfn.de:11371/pks/lookup? [...]
gpg --recv-keys 0x259C3499

if this works, set http_proxy in your systemproperties (for yourself or
systemwide) and restart mozilla so the new environment variable is
active (if unsure: reboot...)
also the keyserver-entries should be active (esp. honory-http-proxy, the
other ones are set by enigmail independently IIRC)

| What options make the squid-enigmail-gpg-key-retrieve-combination to a
| working suite.

i hope those. if it doesn't work, contact me directly (i'm currently
subscribed to the digest-list only)

cu,
- -udo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE+jofcWW6kzec0tFURAmUFAJ43HtjkAcT3m7hxqHbTSsKbfirV0QCfZC6o
2e9+60l4JPX27Fh9P6CtLqM=
=dHq8
-----END PGP SIGNATURE-----