dirmngr does not perform WKD advanced lookup
Closed, Resolved (Public)

Description

In draft-koch-openpgp-webkey-service-08, it says:

There are two variants on how to form the request URI: The advanced
and the direct method.  Implementations MUST first try the advanced
method.  Only if the required sub-domain does not exist, they SHOULD
fall back to the direct method.

However, dirmngr 2.2.16 only appears to try the direct method:

2019-06-28 00:21:36 dirmngr[7264] listening on socket '/run/user/1000/gnupg/d.hkbmm37rr1s1gtdpie53koth/S.dirmngr'
2019-06-28 00:21:37 dirmngr[7265.0] permanently loaded certificates: 125
2019-06-28 00:21:37 dirmngr[7265.0]     runtime cached certificates: 0
2019-06-28 00:21:37 dirmngr[7265.0]            trusted certificates: 125 (124,0,0,1)
2019-06-28 00:21:37 dirmngr[7265.6] handler for fd 6 started
2019-06-28 00:21:37 dirmngr[7265.6] DBG: chan_6 -> # Home: /tmp/cdtemp.nJ9Hgt
2019-06-28 00:21:37 dirmngr[7265.6] DBG: chan_6 -> # Config: /tmp/cdtemp.nJ9Hgt/dirmngr.conf
2019-06-28 00:21:37 dirmngr[7265.6] DBG: chan_6 -> OK Dirmngr 2.2.16 at your service
2019-06-28 00:21:37 dirmngr[7265.6] connection from process 7262 (1000:1000)
2019-06-28 00:21:37 dirmngr[7265.6] DBG: chan_6 <- GETINFO version
2019-06-28 00:21:37 dirmngr[7265.6] DBG: chan_6 -> D 2.2.16
2019-06-28 00:21:37 dirmngr[7265.6] DBG: chan_6 -> OK
2019-06-28 00:21:37 dirmngr[7265.6] DBG: chan_6 <- WKD_GET -- dkg@fifthhorseman.net
2019-06-28 00:21:38 dirmngr[7265.6] DBG: chan_6 -> S SOURCE https://fifthhorseman.net
2019-06-28 00:21:38 dirmngr[7265.6] number of system provided CAs: 124
2019-06-28 00:21:41 dirmngr[7265.6] DBG: http.c:request:
2019-06-28 00:21:41 dirmngr[7265.6] DBG: >> GET /.well-known/openpgpkey/hu/sr4so3py756t9p5ktpud9menxx1m3g5b?l=dkg HTTP/1.0\r\n
2019-06-28 00:21:41 dirmngr[7265.6] DBG: >> Host: fifthhorseman.net\r\n
2019-06-28 00:21:41 dirmngr[7265.6] DBG: http.c:request-header:
2019-06-28 00:21:41 dirmngr[7265.6] DBG: >> \r\n
2019-06-28 00:21:42 dirmngr[7265.6] DBG: http.c:response:
2019-06-28 00:21:42 dirmngr[7265.6] DBG: >> HTTP/1.1 200 OK\r\n
2019-06-28 00:21:42 dirmngr[7265.6] http.c:RESP: 'Date: Fri, 28 Jun 2019 04:21:41 GMT'
2019-06-28 00:21:42 dirmngr[7265.6] http.c:RESP: 'Server: Apache/2.4.39'
2019-06-28 00:21:42 dirmngr[7265.6] http.c:RESP: 'Last-Modified: Fri, 28 Jun 2019 04:13:37 GMT'
2019-06-28 00:21:42 dirmngr[7265.6] http.c:RESP: 'ETag: "131e-58c5a80b0bf63"'
2019-06-28 00:21:42 dirmngr[7265.6] http.c:RESP: 'Accept-Ranges: bytes'
2019-06-28 00:21:42 dirmngr[7265.6] http.c:RESP: 'Content-Length: 4894'
2019-06-28 00:21:42 dirmngr[7265.6] http.c:RESP: 'Connection: close'
2019-06-28 00:21:42 dirmngr[7265.6] http.c:RESP: ''
2019-06-28 00:21:42 dirmngr[7265.6] DBG: (4894 bytes sent via D lines not shown)
2019-06-28 00:21:42 dirmngr[7265.6] DBG: chan_6 -> OK
2019-06-28 00:21:54 dirmngr[7265.6] DBG: chan_6 <- BYE
2019-06-28 00:21:54 dirmngr[7265.6] DBG: chan_6 -> OK closing connection
2019-06-28 00:21:54 dirmngr[7265.6] handler for fd 6 terminated

This is working for me for the moment, because fifthhorseman.net publishes WKD at both the "advanced" and the "direct" location. But I'd rather not publish at the "direct" location.
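As an added example (not part of the original report and not GnuPG code), the Python below derives the advanced and direct request targets for an address in the order the draft requires, then checks which of them appear in a dirmngr debug log without touching the network. It assumes the draft's hashing rule (SHA-1 of the lowercased local part, z-base-32 encoded); the function names are hypothetical, and the two log lines are copied from the log above.

```python
import hashlib
import re
from urllib.parse import quote

ZB32 = "ybndrfg8ejkmcpqxot1uwisza345h769"  # z-base-32 alphabet

def zbase32(data: bytes) -> str:
    """z-base-32 encode, most significant bits first, zero-padded to 5 bits."""
    nbits = len(data) * 8
    pad = -nbits % 5
    value = int.from_bytes(data, "big") << pad
    return "".join(ZB32[(value >> s) & 31] for s in range(nbits + pad - 5, -1, -5))

def wkd_requests(addr: str) -> list[tuple[str, str, str]]:
    """Return (method, host, path) in the order the draft requires."""
    local, _, domain = addr.rpartition("@")
    domain = domain.lower()
    digest = zbase32(hashlib.sha1(local.lower().encode("utf-8")).digest())
    query = "?l=" + quote(local, safe="")  # local part is sent unchanged
    return [
        ("advanced", "openpgpkey." + domain,
         f"/.well-known/openpgpkey/{domain}/hu/{digest}{query}"),
        ("direct", domain, f"/.well-known/openpgpkey/hu/{digest}{query}"),
    ]

GET_RE = re.compile(r"DBG: >> GET (\S+) HTTP/")
HOST_RE = re.compile(r"DBG: >> Host: ([^\s\\]+)")

def methods_tried(addr: str, log: str) -> list[str]:
    """List the WKD methods whose (host, path) pair appears in a dirmngr debug log."""
    seen = list(zip(HOST_RE.findall(log), GET_RE.findall(log)))
    return [m for m, host, path in wkd_requests(addr) if (host, path) in seen]

# Two request lines copied from the log in the report above.
LOG = r"""
2019-06-28 00:21:41 dirmngr[7265.6] DBG: >> GET /.well-known/openpgpkey/hu/sr4so3py756t9p5ktpud9menxx1m3g5b?l=dkg HTTP/1.0\r\n
2019-06-28 00:21:41 dirmngr[7265.6] DBG: >> Host: fifthhorseman.net\r\n
"""

if __name__ == "__main__":
    for method, host, path in wkd_requests("dkg@fifthhorseman.net"):
        print(method, "https://" + host + path)
    print("tried:", methods_tried("dkg@fifthhorseman.net", LOG))
```

Run against the log in this report, `methods_tried` returns only `direct`, which is the behaviour being reported.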

Details

dkg created this task. Jun 28 2019, 6:29 AM
werner triaged this task as High priority. Jun 28 2019, 12:09 PM
werner added a project: gnupg (gpg22).
werner added a subscriber: werner.

Confirmed; that looks like a regression.

dkg added a comment. Jun 28 2019, 2:39 PM

I recognize that adding network activity to the test suite can be complicated (not all test suites are run with functional network access), but if it is possible to have a unit test or something (that doesn't do network access, but just looks at what the dirmngr *would* have tried somehow?), that would be great. Thanks for looking into this!

werner added a comment. Jul 3 2019, 3:45 PM

Oh dear, that happens if one is always on master. I simply forgot to cherry-pick the change from master back in November.
Two commits, though.

werner closed this task as Resolved. Jul 3 2019, 3:46 PM
werner claimed this task.

Will be in 2.2.17