Page MenuHome GnuPG

dirmngr does not support pluggable keyserver helpers
Closed, ResolvedPublic


In gnupg before 2.1.0, gnupg would talk to the keyservers by invoking its
keyserver helper routines (e.g. /usr/lib/gnupg/gpgkeys_hkp). this meant that
other tools could provide alternate keyserver helpers for new transports. One
example of this was monkeysphere's /usr/lib/gnupg/gpgkeys_hkpms (hkp over TLS,
with the client certificate verified by the monkeysphere validation agent).

In 2.1.0, dirmngr takes over the network access, and doesn't appear to support
pluggable transports in this way.

This makes it so that i can't use an hkpms keyserver with dirmngr, afaict.

Is the plan to provide pluggable keyserver transports for dirmngr?

Failing that, would a patch be acceptable that performs monkeysphere-style
certificate verification for the TLS transport?



Event Timeline

dkg set Version to 2.1.0.
dkg added a subscriber: dkg.
werner lowered the priority of this task from Normal to Wishlist.Nov 7 2014, 7:55 AM
werner removed a project: Bug Report.
werner added a project: Feature Request.
werner added a subscriber: werner.

That is really not a bug but a design decision.

The keyserver interface in dirmngr is quite modular and the idea is to add new
interfaces as need arises. Simlar to the smartcard support in scdaemon.

Given that there is no more need for copyright assignments, adding patches shold
not be major problem. So, yes pacthes are accepted - please do it for now as a
complete separate ks-engine-hkpms.c. If we later see that it shares much code
with *-hpk we can merge it then. This better isolates bugs.

werner claimed this task.