dns cert support

David Shaw dshaw at jabberwocky.com
Wed Apr 5 14:42:20 CEST 2006


On Wed, Apr 05, 2006 at 12:30:42PM +0200, Peter Palfrader wrote:

> I notice that if I have both an IPGP and a PGP CERT RR, GnuPG fails
> to import the key some of the time:

[..]

> } ;; ANSWER SECTION:
> } peter.palfrader.org.    43200   IN      CERT    6 0 0 FFsAyW1dVK7hIGuvhN56r26UwJx/
> } peter.palfrader.org.    43200   IN      CERT    PGP 0 0 mQGiBDgp0YcRBACN9s8EycXRsu9ym3Sjou1N.....
> 
> Is having them both not supported or is there a bug somewhere?

At the moment, GnuPG will take whichever it sees first (the PGP or the
IPGP, but not both).  So given round robining, if you have both, it
will seem to flip back and forth between the two.  I'm thinking about
having GPG favor one or the other in these cases (probably PGP since
if it has already fetched the whole key, it may as well import it
rather than go to a web page or keyserver somewhere).

The reason it is not fetching from the IPGP record you have there is
that there is only a fingerprint, and you must have a --keyserver defined
for it to fetch the fingerprint from in that case.  Do you have a
--keyserver defined?

David
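
The behaviour discussed in this message, as an added example that is not part of the original post and is not GnuPG's code: it decodes the IPGP record quoted above using the RFC 4398 layout (length octet, fingerprint, optional URL) and picks a record independently of answer order, preferring PGP as the reply suggests. The function names `parse_cert` and `choose` are hypothetical, and the PGP payload is a constructed stand-in because the post truncates the real key.

```python
import base64

# CERT type values from RFC 4398: 3 = PGP (full key), 6 = IPGP (fingerprint + URL)
CERT_TYPES = {"PGP": 3, "3": 3, "IPGP": 6, "6": 6}

def parse_cert(rdata):
    """Parse CERT presentation format: <type> <key tag> <algorithm> <base64>."""
    ctype, _tag, _alg, b64 = rdata.split(None, 3)
    blob = base64.b64decode("".join(b64.split()), validate=True)
    kind = CERT_TYPES.get(ctype.upper())
    if kind == 3:
        return {"type": "PGP", "key": blob}
    if kind == 6:
        # IPGP payload: one length octet, the fingerprint, then an optional URL
        if not blob or len(blob) < 1 + blob[0]:
            raise ValueError("truncated IPGP record")
        n = blob[0]
        return {"type": "IPGP", "fingerprint": blob[1:1 + n].hex().upper(),
                "url": blob[1 + n:].decode("ascii")}
    raise ValueError("unsupported CERT type: " + ctype)

def choose(rdatas, have_keyserver):
    """Pick one record regardless of round-robin order; prefer PGP over IPGP."""
    certs = [parse_cert(r) for r in rdatas]
    for c in certs:
        if c["type"] == "PGP":
            return ("import", c)           # whole key already in the answer
    for c in certs:
        if c["url"]:
            return ("fetch-url", c)        # IPGP carrying a location
    for c in certs:
        if c["fingerprint"] and have_keyserver:
            return ("fetch-keyserver", c)  # fingerprint only: needs --keyserver
    return ("unusable", None)

# The IPGP value is the one shown in the post; the PGP payload is constructed.
IPGP = "6 0 0 FFsAyW1dVK7hIGuvhN56r26UwJx/"
PGP = "PGP 0 0 " + base64.b64encode(b"constructed-key-bytes").decode()

if __name__ == "__main__":
    print(parse_cert(IPGP))
    print(choose([IPGP, PGP], False)[0], choose([PGP, IPGP], False)[0])
    print(choose([IPGP], False)[0], choose([IPGP], True)[0])
```

With only the fingerprint-bearing IPGP record and no keyserver configured, the selection returns `unusable`, which matches the failed imports reported in the quoted message.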


