Page MenuHome GnuPG
Feed Advanced Search

Jul 2 2019

dkg added a comment to T4603: dirmngr WKD redirection changes paths.

Thanks for the pointer, @werner. Certainly we want T4590 fixed.

Jul 2 2019, 5:37 PM · gnupg (gpg22), wkd, dirmngr, Bug Report
werner added a comment to T4603: dirmngr WKD redirection changes paths.

We need to rewrite the Location to avoid a CSRF attack. See fa1b1eaa4241ff3f0634c8bdf8591cbc7c464144

Jul 2 2019, 4:18 PM · gnupg (gpg22), wkd, dirmngr, Bug Report
dkg updated the task description for T4603: dirmngr WKD redirection changes paths.
Jul 2 2019, 3:44 PM · gnupg (gpg22), wkd, dirmngr, Bug Report
dkg created T4603: dirmngr WKD redirection changes paths.
Jul 2 2019, 3:43 PM · gnupg (gpg22), wkd, dirmngr, Bug Report

Jul 1 2019

werner triaged T4593: dirmngr should not apply Kristian's CA when fetching from a keyserver that is not `hkps.pool.sks-keyservers.net` as Low priority.
Jul 1 2019, 9:18 PM · gnupg (gpg22), Bug Report, dirmngr
dkg updated subscribers of T4593: dirmngr should not apply Kristian's CA when fetching from a keyserver that is not `hkps.pool.sks-keyservers.net`.

I should add that i don't really care whose fault it is if the software is broken by some downstream. if it harms any users, and we can fix it, we should fix it, especially if the fix is easy.

Jul 1 2019, 9:13 PM · gnupg (gpg22), Bug Report, dirmngr
dkg added a comment to T4593: dirmngr should not apply Kristian's CA when fetching from a keyserver that is not `hkps.pool.sks-keyservers.net`.

We're writing free software, which we know that people use and modify downstream. if we know that the software has a particular sharp edge that people who are modifying it are likely to cut themselves on, we have two options:

Jul 1 2019, 9:03 PM · gnupg (gpg22), Bug Report, dirmngr
werner added a comment to T4593: dirmngr should not apply Kristian's CA when fetching from a keyserver that is not `hkps.pool.sks-keyservers.net`.

Come on, if someone changes the software and breaks it, it is their's fault ant not ours. The whole thing on which keyserver and certificate to use as been discussed ad nausea in the past. Given all the problems with the keyservers I do not see a reason to change it right away to a state we had before. Keyserver code is pretty hard to test and has thus always been prone to regressions.

Jul 1 2019, 8:05 PM · gnupg (gpg22), Bug Report, dirmngr
werner triaged T4600: dirmngr enters a loop when the keyserver returns 503 error as High priority.

(See T4175 why this changed in 2.2.12.)

Jul 1 2019, 8:00 PM · gnupg (gpg22), dirmngr, Bug Report
werner claimed T4599: remap `--search` to `--locate-keys` (with warning).
Jul 1 2019, 7:31 PM · gnupg (gpg23), dirmngr
dkg reopened T4593: dirmngr should not apply Kristian's CA when fetching from a keyserver that is not `hkps.pool.sks-keyservers.net` as "Open".

If the default keyserver is not hkps.pool.sks-keyservers.net, then @kristianf's CA certificate has no business certifying it.

Jul 1 2019, 6:31 PM · gnupg (gpg22), Bug Report, dirmngr
dkg created T4599: remap `--search` to `--locate-keys` (with warning).
Jul 1 2019, 6:16 PM · gnupg (gpg23), dirmngr
werner closed T4593: dirmngr should not apply Kristian's CA when fetching from a keyserver that is not `hkps.pool.sks-keyservers.net` as Wontfix.

I see no need for this.

Jul 1 2019, 9:50 AM · gnupg (gpg22), Bug Report, dirmngr

Jun 30 2019

dkg added a project to T4594: dirmngr appears to unilaterally import system CAs: Bug Report.
Jun 30 2019, 7:27 PM · Bug Report, dirmngr, gnupg (gpg22)
dkg added a comment to T4594: dirmngr appears to unilaterally import system CAs.

To be clear, this would allow the least competent CA in the system root trust anchor list to certify an arbitrary server as a member of hkps.pool.sks-keyservers.net. So it is in some sense a security vulnerability -- it allows for a bypass of the correct authority.

Jun 30 2019, 7:26 PM · Bug Report, dirmngr, gnupg (gpg22)
dkg created T4594: dirmngr appears to unilaterally import system CAs.
Jun 30 2019, 6:14 PM · Bug Report, dirmngr, gnupg (gpg22)
dkg added a comment to T4593: dirmngr should not apply Kristian's CA when fetching from a keyserver that is not `hkps.pool.sks-keyservers.net`.

I've just pushed 1c9cc97e9d47d73763810dcb4a36b6cdf31a2254 to the branch dkg-fix-T4593

Jun 30 2019, 6:12 PM · gnupg (gpg22), Bug Report, dirmngr
dkg updated the task description for T4593: dirmngr should not apply Kristian's CA when fetching from a keyserver that is not `hkps.pool.sks-keyservers.net`.
Jun 30 2019, 6:09 PM · gnupg (gpg22), Bug Report, dirmngr
dkg created T4593: dirmngr should not apply Kristian's CA when fetching from a keyserver that is not `hkps.pool.sks-keyservers.net`.
Jun 30 2019, 6:09 PM · gnupg (gpg22), Bug Report, dirmngr

Jun 28 2019

dkg added a comment to T4590: dirmngr does not perform WKD advanced lookup.

I recognize that adding network activity to the test suite can be complicated (not all test suites are run with functional network access), but if it is possible to have a unit test or something (that doesn't do network access, but just looks at what the dirmngr *would* have tried somehow?), that would be great. Thanks for looking into this!

Jun 28 2019, 2:39 PM · gnupg (gpg22), wkd, dirmngr, Bug Report
werner triaged T4590: dirmngr does not perform WKD advanced lookup as High priority.

Confirmed; that looks like a regression.

Jun 28 2019, 12:09 PM · gnupg (gpg22), wkd, dirmngr, Bug Report
dkg created T4590: dirmngr does not perform WKD advanced lookup.
Jun 28 2019, 6:29 AM · gnupg (gpg22), wkd, dirmngr, Bug Report

Jun 21 2019

Valodim added a comment to T4493: Default to HKPS, not HKP.

A possible exception here is that .onion TLDs should stick with HKP by default

Jun 21 2019, 11:16 AM · dirmngr, Feature Request

Jun 19 2019

dkg added a comment to T4566: dirmngr fails with HTTP 302 redirection to hkps.

Any word on this? i've pushed a fix for this into debian experimental as a part of 2.2.16-2, but i am concerned that there's no adoption from upstream. If there's a reason that this is the wrong fix, please do let me know!

Jun 19 2019, 7:06 PM · gnupg (gpg22), dirmngr, Bug Report

Jun 18 2019

dkg added a comment to T4512: gpg's --keyserver option should be more robustly deprecated.

If we only need it for backward compatibility, then the configuration in gpg.conf should *not* be overriding the preferred, forward-looking form of the configuration (in dirmngr.conf). If it is low priority to fix this, then there will be a generation of GnuPG users and toolchains which deliberately configure the value in gpg.conf instead of dirmngr.conf because they'll know that's the more robust way to do it.

Jun 18 2019, 2:56 AM · gnupg24, gnupg (gpg23), Documentation, Keyserver, Bug Report

Jun 11 2019

dkg added a comment to T4566: dirmngr fails with HTTP 302 redirection to hkps.

@gouttegd good catch!

Jun 11 2019, 9:41 AM · gnupg (gpg22), dirmngr, Bug Report

Jun 8 2019

werner removed a project from T4566: dirmngr fails with HTTP 302 redirection to hkps: ntbtls.

I just assumed that is an ntbtls problem.

Jun 8 2019, 10:26 PM · gnupg (gpg22), dirmngr, Bug Report
gouttegd added a comment to T4566: dirmngr fails with HTTP 302 redirection to hkps.

If I understand correctly, this is exactly the same problem that the one we encountered some time ago in the code dealing with fetching keys from HTTP (--fetch-keys), and that we fixed with this patch.

Jun 8 2019, 10:17 PM · gnupg (gpg22), dirmngr, Bug Report
dkg added a comment to T4566: dirmngr fails with HTTP 302 redirection to hkps.

fwiw, the bug looks like it's in send_request in ks-engine-hkp.c, which re-uses the http_session object without re-initializing its tls_session member.

Jun 8 2019, 4:16 PM · gnupg (gpg22), dirmngr, Bug Report
dkg updated subscribers of T4566: dirmngr fails with HTTP 302 redirection to hkps.

thanks for the triage, @werner!

Jun 8 2019, 2:20 PM · gnupg (gpg22), dirmngr, Bug Report
werner triaged T4512: gpg's --keyserver option should be more robustly deprecated as Low priority.

We need --keyserver in gpg for just one reason: backward compatibility.

Jun 8 2019, 10:40 AM · gnupg24, gnupg (gpg23), Documentation, Keyserver, Bug Report
werner added a project to T4566: dirmngr fails with HTTP 302 redirection to hkps: gnupg (gpg22).
Jun 8 2019, 10:38 AM · gnupg (gpg22), dirmngr, Bug Report
werner triaged T4566: dirmngr fails with HTTP 302 redirection to hkps as High priority.
Jun 8 2019, 10:38 AM · gnupg (gpg22), dirmngr, Bug Report
dkg created T4566: dirmngr fails with HTTP 302 redirection to hkps.
Jun 8 2019, 6:53 AM · gnupg (gpg22), dirmngr, Bug Report
dkg reopened T4512: gpg's --keyserver option should be more robustly deprecated as "Open".

thanks for fixing that error message, @werner. As @Valodim points out in discusson about hagrid, a gpg.conf keyserver option (deprecated according to the documentation) overrides the dirmngr.conf keyserver option (not deprecated according to the documentation.

Jun 8 2019, 5:29 AM · gnupg24, gnupg (gpg23), Documentation, Keyserver, Bug Report

May 31 2019

werner triaged T4547: improve error message ("Not enabled") when using Tor network and standard resolver as Normal priority.
May 31 2019, 9:19 AM · dirmngr, gnupg (gpg22), Bug Report

May 28 2019

werner closed T3966: Dirmngr: no suitable certificate found to verify the OCSP response as Resolved.
May 28 2019, 12:32 PM · gpg4win, dirmngr, S/MIME
werner added a comment to T3966: Dirmngr: no suitable certificate found to verify the OCSP response.

We only supported SHA-1 signed OCSP requests. Fix will go into 2.2.16.

May 28 2019, 12:29 PM · gpg4win, dirmngr, S/MIME

May 27 2019

werner added a comment to T4165: Dirmngr: Ipv6 causes network failure if Ipv6 can't be reached.

I doubt that we are going to implement this.

May 27 2019, 6:15 PM · Keyserver, Feature Request, dirmngr

May 24 2019

werner added a comment to T4538: Support PSS signed CRLs.

Interesting tinge: The main CRL of the dgn.de CA uses a nextUpdate in the year 2034 (15 years in the future) which would force dirmngr to cache the CRL until then. However, the CRL of the intermediate certificate has a nextUpdate only one month in the future. There is currently no entry in that second level CRL, so their idea might be that an updated second level CRL will also trigger a reload of the main CRL. I have not checked how we implement that in Dirmngr but I doubt that such a thing will work for us and that it is in any way standard compliant.

May 24 2019, 11:59 AM · dirmngr, S/MIME, libksba
werner added a subtask for T4538: Support PSS signed CRLs: T4523: Gpg4win: Multiple problems reported 05-2019.
May 24 2019, 9:10 AM · dirmngr, S/MIME, libksba
werner removed a parent task for T4538: Support PSS signed CRLs: T4523: Gpg4win: Multiple problems reported 05-2019.
May 24 2019, 9:10 AM · dirmngr, S/MIME, libksba
werner added a parent task for T4538: Support PSS signed CRLs: T4523: Gpg4win: Multiple problems reported 05-2019.
May 24 2019, 9:08 AM · dirmngr, S/MIME, libksba
werner created T4538: Support PSS signed CRLs.
May 24 2019, 8:58 AM · dirmngr, S/MIME, libksba

May 23 2019

wheelerlaw reopened T3065: dirmngr: proxy issues with dnslookup causing failure as "Open".

Are you not reading what I am saying to you?? Once again, your explanation is INVALID because that would mean that gnupg would be BROKEN, because it would be a NON-COMPLIANT http client according to the RFC I quoted.

May 23 2019, 1:58 PM · gnupg (gpg22), dns, dirmngr
werner edited projects for T3287: Improve http proxy support by honoring SRV RRs., added: gnupg (gpg23); removed gnupg (gpg22).
May 23 2019, 9:43 AM · gnupg, dirmngr
werner closed T3065: dirmngr: proxy issues with dnslookup causing failure as Wontfix.

I explained why the keyserver access requires access to the DNS. If that is not possible the keyserver code will not work. If you don't allow DNS to work you either have to use Tor (which we use to also tunnel DNS requests) or get your keys from elsewhere. Also note that the keyserver network is current several broken and under DoS and thus it is unlikely that it can be operated in the future.

May 23 2019, 9:42 AM · gnupg (gpg22), dns, dirmngr

May 17 2019

werner triaged T4444: dirmngr fails with keyservers specified by IP without rDNS; reported as dead host or uses wrong Host header as Normal priority.
May 17 2019, 6:47 PM · Keyserver, dns, dirmngr, Bug Report
aheinecke added a comment to T4511: dirmngr error logs claim that HTTP GET requests are percent-escaped, but they are not.

I agree with @dkg here.

May 17 2019, 12:42 PM · Bug Report, dirmngr

May 16 2019

dkg added a comment to T4511: dirmngr error logs claim that HTTP GET requests are percent-escaped, but they are not.

"requires too much changes" i can understand.

May 16 2019, 11:00 PM · Bug Report, dirmngr
werner triaged T4511: dirmngr error logs claim that HTTP GET requests are percent-escaped, but they are not as Wishlist priority.

This requires too much changes and does not reflect the reality. It actually makes debugging harder for us.

May 16 2019, 10:52 AM · Bug Report, dirmngr

May 15 2019

werner closed T4466: Clean up --keyserver documentation in gpg(1) as Resolved.

Thanks

May 15 2019, 9:20 AM · Keyserver, gnupg (gpg22), dirmngr, Documentation
werner claimed T4466: Clean up --keyserver documentation in gpg(1).
May 15 2019, 9:06 AM · Keyserver, gnupg (gpg22), dirmngr, Documentation

May 14 2019

dkg added a comment to T4511: dirmngr error logs claim that HTTP GET requests are percent-escaped, but they are not.

I think you are saying that dirmngr receives the query term as escaped data in the assuan connection from the dirmngr client (typically, gpg, which itself decides how to percent-escape what it feeds into libassuan).

May 14 2019, 4:10 PM · Bug Report, dirmngr
werner triaged T4513: dirmngr should try the configured keyservers anyway even if they are all dead as Normal priority.
May 14 2019, 10:09 AM · Feature Request, Keyserver, dirmngr
werner added a comment to T4511: dirmngr error logs claim that HTTP GET requests are percent-escaped, but they are not.

This is easy to explain: dirmngr receives already escaped data and that is what you see in the log. For proper parsing of the URI the escaping needs to be removed and only before sending the request the required escaping is applied. '@', '<', and '>' do not need to be escaped and thus you see them as they are.

May 14 2019, 9:59 AM · Bug Report, dirmngr
werner claimed T4511: dirmngr error logs claim that HTTP GET requests are percent-escaped, but they are not.
May 14 2019, 8:52 AM · Bug Report, dirmngr
werner closed T4512: gpg's --keyserver option should be more robustly deprecated as Resolved.

I removed this specialized error message. Thanks for reporting.

May 14 2019, 8:38 AM · gnupg24, gnupg (gpg23), Documentation, Keyserver, Bug Report
dkg updated the task description for T4512: gpg's --keyserver option should be more robustly deprecated.
May 14 2019, 7:42 AM · gnupg24, gnupg (gpg23), Documentation, Keyserver, Bug Report
dkg edited projects for T4466: Clean up --keyserver documentation in gpg(1), added: dirmngr, gnupg (gpg22), Keyserver; removed gnupg.
May 14 2019, 7:40 AM · Keyserver, gnupg (gpg22), dirmngr, Documentation
dkg added a comment to T4513: dirmngr should try the configured keyservers anyway even if they are all dead.

This is particularly bad for users who have manually specified a given keyserver in dirmngr.conf, because even a transient failure in that keyserver will prevent them from any future keyserver requests until dirmngr decides that the "death" has worn off.

May 14 2019, 1:00 AM · Feature Request, Keyserver, dirmngr
dkg created T4513: dirmngr should try the configured keyservers anyway even if they are all dead.
May 14 2019, 12:54 AM · Feature Request, Keyserver, dirmngr
dkg created T4512: gpg's --keyserver option should be more robustly deprecated.
May 14 2019, 12:49 AM · gnupg24, gnupg (gpg23), Documentation, Keyserver, Bug Report
dkg created T4511: dirmngr error logs claim that HTTP GET requests are percent-escaped, but they are not.
May 14 2019, 12:19 AM · Bug Report, dirmngr

May 13 2019

dkg added a comment to T4467: dirmngr keyserver option (and legacy gpg --keyserver) should assume `hkps://` or `hkp://` if no scheme is present.

further testing suggests that the invalid URI issue is only present for dirmngr's --keyserver option, and gpg's deprecated --keyserver option actually accepts schema-less hostnames.

May 13 2019, 11:33 PM · dirmngr
dkg updated the task description for T4467: dirmngr keyserver option (and legacy gpg --keyserver) should assume `hkps://` or `hkp://` if no scheme is present.
May 13 2019, 11:32 PM · dirmngr
dkg added a comment to T4493: Default to HKPS, not HKP.

see also T4467

May 13 2019, 11:12 PM · dirmngr, Feature Request

May 10 2019

werner triaged T4493: Default to HKPS, not HKP as Normal priority.
May 10 2019, 7:23 PM · dirmngr, Feature Request

May 9 2019

werner triaged T4488: dirmngr: allow changing `use-tor` in a reload as Normal priority.
May 9 2019, 8:10 AM · gnupg (gpg23), dirmngr

May 8 2019

dkg created T4488: dirmngr: allow changing `use-tor` in a reload.
May 8 2019, 1:57 PM · gnupg (gpg23), dirmngr

Apr 23 2019

werner triaged T4465: dirmngr's default tor autodetection mode should autodetect on each connection (falling back to non-tor when tor is unavailable) as Normal priority.
Apr 23 2019, 9:08 AM · Tor, dirmngr, Bug Report
werner triaged T4467: dirmngr keyserver option (and legacy gpg --keyserver) should assume `hkps://` or `hkp://` if no scheme is present as Low priority.
Apr 23 2019, 9:05 AM · dirmngr

Apr 19 2019

dkg created T4467: dirmngr keyserver option (and legacy gpg --keyserver) should assume `hkps://` or `hkp://` if no scheme is present.
Apr 19 2019, 5:26 PM · dirmngr
dkg added a comment to T4465: dirmngr's default tor autodetection mode should autodetect on each connection (falling back to non-tor when tor is unavailable).

I just noticed that dirmngr(8)'s documentation for its --keyserver option says:

Apr 19 2019, 5:11 PM · Tor, dirmngr, Bug Report
dkg added a comment to T4465: dirmngr's default tor autodetection mode should autodetect on each connection (falling back to non-tor when tor is unavailable).

Note that even sending a HUP to dirmngr, when it is in this autodetection mode that observed tor at the start, is insufficient to have it re-run the autodetection. You have to explicitly terminate dirmngr to get it to unlearn the autodetected presence of Tor. This is subtly hinted at in dirmngr(8), but no justification is given for it.

Apr 19 2019, 4:47 PM · Tor, dirmngr, Bug Report
dkg created T4465: dirmngr's default tor autodetection mode should autodetect on each connection (falling back to non-tor when tor is unavailable).
Apr 19 2019, 4:36 PM · Tor, dirmngr, Bug Report

Apr 10 2019

dkg added a comment to T3767: simplify sharing dirmngr's across multiple GNUPGHOMEs.

One of the things that dirmngr has going for it is that it tracks the current network state, and it would be nice to be able to reuse that state across sessions. If an ephemeral keyring can't use a shared dirmngr, there are fewer arguments for having dirmngr in the first place, and people might be more justified in replacing it with things like https://gitlab.com/anarcat/scripts/blob/master/openpgp-key-get

Apr 10 2019, 2:52 AM · Documentation, Feature Request, gnupg, dirmngr

Apr 9 2019

werner lowered the priority of T3767: simplify sharing dirmngr's across multiple GNUPGHOMEs from High to Normal.

I don't anymore think this is a high priority request. BTW, A more real problem than several dirmngr instances is multi-user access to smartcards.

Apr 9 2019, 8:59 AM · Documentation, Feature Request, gnupg, dirmngr

Apr 5 2019

werner triaged T4447: Fix addition of new GPG keys to LDAP as High priority.
Apr 5 2019, 9:07 AM · gnupg (gpg23), patch, LDAP, dirmngr, Bug Report

Apr 3 2019

gray created T4447: Fix addition of new GPG keys to LDAP.
Apr 3 2019, 11:27 AM · gnupg (gpg23), patch, LDAP, dirmngr, Bug Report

Apr 1 2019

robbat2 added a comment to T4444: dirmngr fails with keyservers specified by IP without rDNS; reported as dead host or uses wrong Host header.

HTTP/1.1 spec, RFC 7230, Section 5.4, paragraph 2:
https://tools.ietf.org/html/rfc7230#section-5.4

Apr 1 2019, 8:24 PM · Keyserver, dns, dirmngr, Bug Report
werner added a comment to T4444: dirmngr fails with keyservers specified by IP without rDNS; reported as dead host or uses wrong Host header.

Please be so kind and point me to the specs stating that you should put the IP address into Host:

Apr 1 2019, 8:01 PM · Keyserver, dns, dirmngr, Bug Report
robbat2 added a comment to T4444: dirmngr fails with keyservers specified by IP without rDNS; reported as dead host or uses wrong Host header.

It's up to GPG to send the Host header that shows the user's intent.

Apr 1 2019, 6:20 PM · Keyserver, dns, dirmngr, Bug Report
werner added a comment to T4444: dirmngr fails with keyservers specified by IP without rDNS; reported as dead host or uses wrong Host header.

So in short you want:

  1. Allow to specify a keyserver by IP without any DNS lookups.
  2. When connecting via IP use the IP address for Host:.
Apr 1 2019, 12:55 PM · Keyserver, dns, dirmngr, Bug Report
werner triaged T4443: IPv6 address with scope not accepted as keyserver as Normal priority.
Apr 1 2019, 10:24 AM · gnupg24, dirmngr, dns, Bug Report

Mar 31 2019

robbat2 created T4444: dirmngr fails with keyservers specified by IP without rDNS; reported as dead host or uses wrong Host header.
Mar 31 2019, 10:35 PM · Keyserver, dns, dirmngr, Bug Report

Mar 27 2019

aheinecke closed T4264: Gpg4win 3.1.6, a subtask of T3381: dirmngr won't start on Windows 10 with admin level account, as Resolved.
Mar 27 2019, 1:55 PM · libassuan, Restricted Project, gpg4win, dirmngr, Windows, Bug Report
aheinecke closed T3381: dirmngr won't start on Windows 10 with admin level account as Resolved.

gpg4win 3.1.6 is released which contains this fix.

Mar 27 2019, 1:52 PM · libassuan, Restricted Project, gpg4win, dirmngr, Windows, Bug Report

Mar 19 2019

wheelerlaw added a comment to T3065: dirmngr: proxy issues with dnslookup causing failure.

Also might I add, this used to work perfectly fine in gnupg14. It seems that somewhere along the line a regression was introduced that is causing this erroneous non-compliant behavior in the HTTP client.

Mar 19 2019, 6:18 PM · gnupg (gpg22), dns, dirmngr
wheelerlaw added a comment to T3065: dirmngr: proxy issues with dnslookup causing failure.

Why? Your explanation is invalid because it implicates dirmngr's HTTP client as not comforming to the spec laid out by the RFC. I've quite clearly explained--and backed up with the spec itself--that when a proxy variable is configured, a client should not be doing DNS lookup of the destination hostname. Is there something about that you are not understanding?

Mar 19 2019, 6:13 PM · gnupg (gpg22), dns, dirmngr
werner added a comment to T3065: dirmngr: proxy issues with dnslookup causing failure.

Please show an example regarding something else than a failed access to a pool of keyservers. I explained why it can't work for pools for you.

Mar 19 2019, 7:59 AM · gnupg (gpg22), dns, dirmngr

Mar 18 2019

wheelerlaw reopened T3065: dirmngr: proxy issues with dnslookup causing failure as "Open".

Yes you can, and no you do not. Don't believe me? Then read the spec. At no point does the spec say that there is "nothing that can be done" when a hostname cannot be resolved when connecting through a proxy. In fact, it states precisely the opposite, describing the exact procedure a client should take when making a request through a proxy. See section 5.3, paragraph 3:

Mar 18 2019, 9:21 PM · gnupg (gpg22), dns, dirmngr
werner edited projects for T3257: dirmngr cannot set port for nameserver, added: Feature Request; removed gnupg (gpg22), Bug Report.
Mar 18 2019, 7:30 PM · Feature Request, dirmngr
werner removed a project from T2398: finger support using SRV DNS records: gnupg (gpg22).
Mar 18 2019, 7:29 PM · gnupg, Feature Request, dirmngr
werner closed T2908: dirmngr can't be build w/o LDAP as Wontfix.
Mar 18 2019, 7:28 PM · dirmngr, gnupg (gpg22), Bug Report, gnupg
werner closed T3065: dirmngr: proxy issues with dnslookup causing failure as Invalid.

No we can't we need to know the IP addresses to handle the pools. I have given a workaround for you in my previous comment. You can also use install Tor which we can use for DNS resolving.

Mar 18 2019, 7:26 PM · gnupg (gpg22), dns, dirmngr

Mar 13 2019

wuximeniyu added a comment to T4165: Dirmngr: Ipv6 causes network failure if Ipv6 can't be reached.

There is a solution for it:

Mar 13 2019, 9:55 PM · Keyserver, Feature Request, dirmngr

Feb 28 2019

aheinecke added a comment to T4380: GpgSM: CRL access not possible due to Tor mode.

Btw. I only noticed this now as I always had "disable-tor" in my config but recently removed it for testing.

Feb 28 2019, 7:59 AM · Bug Report, dirmngr, S/MIME
aheinecke created T4380: GpgSM: CRL access not possible due to Tor mode.
Feb 28 2019, 7:59 AM · Bug Report, dirmngr, S/MIME

Feb 25 2019

gniibe added projects to T3381: dirmngr won't start on Windows 10 with admin level account: Restricted Project, libassuan.
Feb 25 2019, 3:37 AM · libassuan, Restricted Project, gpg4win, dirmngr, Windows, Bug Report