Page MenuHome GnuPG

dkg (Daniel Kahn Gillmor)
User

Projects

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Thursday

  • Clear sailing ahead.

User Details

User Since
Mar 27 2017, 4:49 PM (364 w, 14 h)
Availability
Available

Recent Activity

Fri, Mar 8

dkg added a comment to T5110: Primary Key Binding Signature not updated when updating Subkey Binding Signature.

I have also not found a straightforward way to correct a cross-signature that was made with a weak digest algorithm using GnuPG.

Fri, Mar 8, 8:29 PM · gnupg, Bug Report

Feb 2 2024

dkg added a comment to T6972: Explicitly deprecate --use-embedded-filename -- it is hazardous.

The patch supplied here should apply to STABLE-BRANCH-2-4, but it should also be easy enough to backport to STABLE-BRANCH-2-2 and STABLE-BRANCH-1-4. For GnuPG master, i recommend actually removing the option.

Feb 2 2024, 9:14 PM · Documentation, gnupg, patch
dkg created T6972: Explicitly deprecate --use-embedded-filename -- it is hazardous.
Feb 2 2024, 9:12 PM · Documentation, gnupg, patch

Dec 26 2023

dkg added a comment to T6222: gpg --faked-system-time "$(date +%s)!" doesn't work.

One use case that seems sensible to me is to try to convince a long-running operation (e.g. a sequence of key generations) to all use a single timestamp. In this scenario, there's no interest in setting the clock to be some variant of the current time, just an interest in it remaining fixed across all the operations.

Dec 26 2023, 5:57 PM · gnupg, Bug Report

Sep 26 2023

dkg created T6733: yubikey nfc 5 key storage does not work with GnuPG when admin PIN is non-standard..
Sep 26 2023, 12:59 AM · can't replicate, scd, Bug Report

Aug 16 2023

dkg added a comment to T4961: ship gpgrt.pc.

It looks to me like it's marginally more common to *not* use the lib prefix for pkgconfig files:

Aug 16 2023, 12:01 AM · Feature Request, gpgrt

Nov 2 2022

dkg added a comment to T6137: arch-specific (32 bit) failures in AddExistingSubkeyJobTest::testAddExistingSubkeyWithExpiration.

Note the relationship to T4195, T4826, and T4766

Nov 2 2022, 4:03 PM · Restricted Project, qt, gpgme, Bug Report

Oct 20 2022

dkg added a comment to T6238: regexp for trust signature domain restriction does not work if key only has an e-mail address.

@werner i'm not sure i understand what "easy to enclose them in angle brackets just for comparison" means.

Oct 20 2022, 2:48 AM · backport, gnupg (gpg22), Bug Report, Restricted Project

Oct 17 2022

dkg added a comment to T6238: regexp for trust signature domain restriction does not work if key only has an e-mail address.

I recommend, when making a User ID with only an e-mail address, to populate the User IDs by wrapping it in an angle bracket, rather than just leaving the raw e-mail address. It's not just the regexp matcher -- there are other pieces of OpenPGP software that won't recognize a raw e-mail address in a user ID as an e-mail address. It also makes it easy to distinguish such a User ID from a User ID that is not at all an e-mail address.

Oct 17 2022, 10:23 PM · backport, gnupg (gpg22), Bug Report, Restricted Project

Aug 30 2022

dkg added a comment to T6142: On Windows, gpg 2.3.7 thinks the certificates of major keyservers have expired.

Thanks, @gniibe -- i agree that this change to put_cert should be helpful, when encountering a certificate that is already invalid.

Aug 30 2022, 8:04 AM · workaround, gnupg, Keyserver, Bug Report

Aug 25 2022

dkg reopened T6142: On Windows, gpg 2.3.7 thinks the certificates of major keyservers have expired as "Open".

Thanks for the followup about R3, @mpilgrem! Looking at your logs in more details, and the source code for find_cert_bysubject in dirmngr/certcache.c, i think i see what the issue is. It's slightly more subtle than not terminating early if a known trusted root can validate a truncated chain.

Aug 25 2022, 12:46 AM · workaround, gnupg, Keyserver, Bug Report

Aug 24 2022

dkg added a comment to T6142: On Windows, gpg 2.3.7 thinks the certificates of major keyservers have expired.

@mpilgrem, i'm glad that removing the DST Root CA X3 from your windows control panel worked for you, but it still doesn't seem to be a reasonable fix from a GnuPG user perspective

Aug 24 2022, 10:59 PM · workaround, gnupg, Keyserver, Bug Report

Aug 23 2022

dkg added a comment to T6142: On Windows, gpg 2.3.7 thinks the certificates of major keyservers have expired.

@mpilgrem: in the meantime, for connecting to keys.openpgp.org, which *has* cleaned up its certificate chain, you might also want to try killing your dirmngr process, and/or cleaning up the data in .gnupg/dirmngr-cache.d/.

Aug 23 2022, 9:24 PM · workaround, gnupg, Keyserver, Bug Report
dkg added a comment to T6142: On Windows, gpg 2.3.7 thinks the certificates of major keyservers have expired.

Basically, the website in question (e.g. https://openpgpkey.gnupg.org/, which exhibits this problem) serves up three certificates:

Aug 23 2022, 9:17 PM · workaround, gnupg, Keyserver, Bug Report

May 23 2022

dkg added a comment to T5991: gpgme test suite fails when local time differs from UTC time across a day boundary..

I see the patch which does look like it will guarantee that the test suite succeeds. But does it solve the underlying problem, though? I worry that it might just paper over a more subtle problem.

May 23 2022, 7:53 PM · Restricted Project, gpgme, Bug Report

May 21 2022

dkg created T5991: gpgme test suite fails when local time differs from UTC time across a day boundary..
May 21 2022, 7:10 AM · Restricted Project, gpgme, Bug Report

May 2 2022

dkg added a comment to T5954: Building for windows requires gpgrt (libgpg-error) 1.45, but configure.ac claims 1.27.

Debian requires all builds to use software that we have local copies of in the archive, which appears to rule out the use of speedo (it fetches source over the internet during build). So i've modified debian packaging to annotate that the Windows builds need a different version of libgpg-error than that defined in configure.ac.

May 2 2022, 6:03 PM · gnupg (gpg22), Bug Report

Apr 29 2022

dkg added a comment to T5931: OpenSSH 8.9, 9.0, and 9.1 can't authenticate with gpg-agent and usb token (Gnuk >= 1.2.16 is required).

this looks similar to https://dev.gnupg.org/T5935 and https://bugs.debian.org/1008573

Apr 29 2022, 6:24 PM · gnupg24, workaround, Documentation, gnupg (gpg23), ssh, gpgagent

Apr 28 2022

dkg created T5955: pinentry-efl sends warnings to stderr, does not close windows during getpin.
Apr 28 2022, 11:04 PM · efl, pinentry, Bug Report
dkg added a comment to T5120: Incompatible Ed25519 secret key (no-encryption).

Thanks for working on this, @gniibe! Maybe it would be useful to add a test to the test suite that tries to import and use a secret key of this particular structure.

Apr 28 2022, 10:07 PM · gnupg (gpg22), Bug Report
dkg created T5954: Building for windows requires gpgrt (libgpg-error) 1.45, but configure.ac claims 1.27.
Apr 28 2022, 4:38 AM · gnupg (gpg22), Bug Report

Apr 27 2022

dkg updated the task description for T5953: batch signature fails with imported ed25519 signing key as of 2.2.34.
Apr 27 2022, 11:01 PM · gnupg (gpg22), Bug Report
dkg created T5953: batch signature fails with imported ed25519 signing key as of 2.2.34.
Apr 27 2022, 10:58 PM · gnupg (gpg22), Bug Report

Jan 19 2022

dkg closed T5762: libgpg-error: permit auto-introspection on non-glibc platforms like musl as Resolved.

thanks, looks good!

Jan 19 2022, 12:44 AM · gpgrt, Bug Report

Jan 17 2022

dkg committed rE371d1c952297: build: Detect more flexible musl variants of GNU (authored by dkg).
build: Detect more flexible musl variants of GNU
Jan 17 2022, 10:33 PM
dkg added a comment to T5762: libgpg-error: permit auto-introspection on non-glibc platforms like musl.
Jan 17 2022, 8:03 PM · gpgrt, Bug Report
dkg reopened T5762: libgpg-error: permit auto-introspection on non-glibc platforms like musl as "Open".

Thanks for looking into this, @gniibe! over on https://bugs.debian.org/1003313 Helmut is asking for a re-consideration because he wanted to match arm-linux-musleabihf. Would you be ok with a change like my proposal rE371d1c952297f781277b979a4662859ec80fe836 (on branch dkg/expand-musl), that expands *-*-linux-musl to *-*-linux-musl* ?

Jan 17 2022, 7:56 PM · gpgrt, Bug Report

Jan 11 2022

dkg closed T5762: libgpg-error: permit auto-introspection on non-glibc platforms like musl as Resolved.

Thank you, @gniibe ! i'm applying your change to the debian packaging as 1.43-2. i'll let you know if it doesn't satisfy the folks trying to crossbuild debian on top of musl.

Jan 11 2022, 9:53 AM · gpgrt, Bug Report
dkg created T5769: fix typo in autogen.sh.
Jan 11 2022, 9:06 AM · Documentation, gpgrt

Jan 9 2022

dkg created T5762: libgpg-error: permit auto-introspection on non-glibc platforms like musl.
Jan 9 2022, 2:41 AM · gpgrt, Bug Report

Jul 29 2021

dkg added a comment to T4393: GnuPG should always accept key updates even if the update does not contain UIDs.

I share your concerns about centralization of keyserver infrastructure. Rejecting this security fix doesn't help keep keyservers decentralized, though.

Jul 29 2021, 9:27 PM · gnupg (gpg23), Feature Request

Jun 4 2021

dkg added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

Do we want to encourage multiple cleartext wire-format representations of the same secret key?

Jun 4 2021, 3:56 PM · Support, gnupg, OpenPGP

Jun 3 2021

dkg added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

I've mentioned this interop issue (and tried to propose clarifying language for the revised standard) in the IETF OpenPGP WG mailing list.

Jun 3 2021, 3:04 PM · Support, gnupg, OpenPGP

Jun 2 2021

dkg added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

I think rGba321b60bc3bfc29dfc6fa325dcabad4fac29f9c has nothing to do with interoperable formats -- how things are stored in ~/.gnupg/private-keys-v1.d is unrelated to the interoperable transferable secret key format specified in 4880 or its revisions.

Jun 2 2021, 9:51 PM · Support, gnupg, OpenPGP
dkg added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

The problem here appears to be that the "MPI" of the curve25519 secret key is not actually a standard-issue big-endian OpenPGP MPI -- it's an opaque bytestring expected to be passed to the underlying "native" implementation of x25519, in the same way that the secret key is handled for Ed25519.

Jun 2 2021, 1:35 AM · Support, gnupg, OpenPGP
dkg added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

investigating the subkey in python:

Jun 2 2021, 1:20 AM · Support, gnupg, OpenPGP
dkg added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

looks to me like you've got the byte ordering of the Curve25519 secret subkey reversed from the way that GnuPG expects it.

Jun 2 2021, 1:16 AM · Support, gnupg, OpenPGP
dkg added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

fwiw, gpg-agent complains that the keys don't match:

Jun 2 2021, 1:06 AM · Support, gnupg, OpenPGP

Jun 1 2021

dkg added a comment to T5462: gpgconf: Make gpg/keyserver option available again.

why not use gpgconf with the dirmngr component to set the keyserver option there?

Jun 1 2021, 11:07 PM · gnupg (gpg23), Restricted Project

May 27 2021

dkg created T5453: gpgme docs unclear about gpgme_user_id_t.email and gpgme_user_id_t.address.
May 27 2021, 4:17 AM · Documentation, gpgme, Bug Report

May 26 2021

dkg added a comment to T5450: gpgsm --with-colons --list-keys misreports uid: lines where cert subject DN contains an emailAddress component.

Another solution to make life easier for gpgme users encountering this stuff would be if gpgme itself knows which uid is a DN and which is not, it could populate the gpgme_user_id_t.address field with content of the 1.2.840.113549.1.9.1 DN component. (or maybe gpgme_user_id_t.email, or both? as a user of gpgme, i don't really understand the difference between these fields)

May 26 2021, 9:34 PM · libksba, S/MIME, Bug Report
dkg added a comment to T5450: gpgsm --with-colons --list-keys misreports uid: lines where cert subject DN contains an emailAddress component.

fwiw, RFC 2253 is obsoleted by rfc 4514 -- which also doesn't have 1.2.840.113549.1.9.1 associated with "EMAIL", but does provide more detailed guidance for implementers of DN-to-string (and string-to-DN, to the extent that this is possible) conversions. Maybe the code should be updated to refer to the non-obsolete specification at least.

May 26 2021, 9:03 PM · libksba, S/MIME, Bug Report
dkg added a comment to T5450: gpgsm --with-colons --list-keys misreports uid: lines where cert subject DN contains an emailAddress component.

I'm reporting this because the above message renders poorly in notmuch -- notmuch gets the user ID from gmime's g_mime_certificate_get_user_id, and gmime populates that field from the uids field of a gpgme_key_t object, and gpgme pulls uid information from gpgsm --with-colons.

May 26 2021, 3:39 AM · libksba, S/MIME, Bug Report
dkg added a comment to T5450: gpgsm --with-colons --list-keys misreports uid: lines where cert subject DN contains an emailAddress component.

Attached is a proposed patch.

May 26 2021, 3:32 AM · libksba, S/MIME, Bug Report
dkg created T5450: gpgsm --with-colons --list-keys misreports uid: lines where cert subject DN contains an emailAddress component.
May 26 2021, 3:25 AM · libksba, S/MIME, Bug Report
dkg added a comment to T5445: gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present.

Attached is an even worse PKCS7 blob, that should be validatable given reliance on ca.rsa.crt, but it will be rejected by gpgsm because the PKCS#7 bundle includes ca.rsa.cross2.crt in it.

May 26 2021, 12:07 AM · S/MIME, Bug Report

May 25 2021

dkg updated the task description for T5445: gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present.
May 25 2021, 11:22 PM · S/MIME, Bug Report
dkg updated the task description for T5445: gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present.
May 25 2021, 11:21 PM · S/MIME, Bug Report
dkg added a comment to T5445: gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present.

OK, i have replicated this successfully with no ed25519 involved. here's the new intermediate cert:

May 25 2021, 11:18 PM · S/MIME, Bug Report
dkg added a comment to T5445: gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present.

Which NIST test suite are you referring to? It might not cover certificate pathfinding in the face of multiple cross-signed authorities.

May 25 2021, 5:37 PM · S/MIME, Bug Report

May 21 2021

dkg updated the task description for T5445: gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present.
May 21 2021, 3:17 AM · S/MIME, Bug Report
dkg updated the task description for T5445: gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present.
May 21 2021, 3:17 AM · S/MIME, Bug Report
dkg updated the task description for T5445: gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present.
May 21 2021, 3:16 AM · S/MIME, Bug Report
dkg updated the task description for T5445: gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present.
May 21 2021, 3:15 AM · S/MIME, Bug Report
dkg updated the task description for T5445: gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present.
May 21 2021, 3:14 AM · S/MIME, Bug Report
dkg updated the task description for T5445: gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present.
May 21 2021, 3:09 AM · S/MIME, Bug Report
dkg renamed T5445: gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present from gpgsm fails to find shortest certificate path to valid X.509 root to gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present.
May 21 2021, 3:08 AM · S/MIME, Bug Report
dkg created T5445: gpgsm fails to find path to valid X.509 root when cross-signed intermediate certificate is present.
May 21 2021, 1:45 AM · S/MIME, Bug Report

Apr 21 2021

dkg added a comment to T5407: gpg fails to import second secret key in .pfx (PKCS12) file.

Apparently only one of the secret keys is actually imported: the decryption key, but not the signing key.

Apr 21 2021, 6:20 AM · gnupg24, gnupg (gpg23), Feature Request, S/MIME
dkg created T5407: gpg fails to import second secret key in .pfx (PKCS12) file.
Apr 21 2021, 1:59 AM · gnupg24, gnupg (gpg23), Feature Request, S/MIME

Feb 25 2021

dkg added a comment to T4757: gpgsm --import --quiet is not quiet.

thanks, @werner!

Feb 25 2021, 1:35 PM · S/MIME, Bug Report

Feb 24 2021

dkg reopened T4757: gpgsm --import --quiet is not quiet as "Open".

Thanks for the fixes, @werner!

Feb 24 2021, 11:30 PM · S/MIME, Bug Report
dkg added a comment to T4757: gpgsm --import --quiet is not quiet.

Other ways that gpgsm --quiet is not quiet:

Feb 24 2021, 5:36 AM · S/MIME, Bug Report

Feb 19 2021

dkg added a comment to T5308: pkg-config misuse in efl sections of pinentry autoconf tooling.

I don't think the patch made elementary and ecore-x dev headers an absolute hard requirement; in particular, ./configure --disable-efl works fine to build pinentry without having these headers installed.

Feb 19 2021, 2:22 PM · pinentry, Bug Report

Feb 18 2021

dkg committed rP19a18ba5fee0: build: Simplfy use of pkg-config when testing for EFL. (authored by dkg).
build: Simplfy use of pkg-config when testing for EFL.
Feb 18 2021, 3:32 PM
dkg closed T5308: pkg-config misuse in efl sections of pinentry autoconf tooling as Resolved.

Thanks for the verification, @wltjr. I've pushed 19a18ba5fee049aac87b5114763095aaeb42430f to the master branch for future releases.

Feb 18 2021, 3:30 PM · pinentry, Bug Report
dkg added a comment to T5308: pkg-config misuse in efl sections of pinentry autoconf tooling.

hm, actually, maybe the efl should be EFL in order to produce and substitute the EFL_CFLAGS and EFL_LIBS variables.

Feb 18 2021, 2:22 AM · pinentry, Bug Report
dkg added a comment to T5308: pkg-config misuse in efl sections of pinentry autoconf tooling.

@wltjr maybe it needs ecore-x as well as elementary > 1.18 in the PKG_CHECK_MODULES line? oh, and looks like i screwed up and used > where i should have used >= sorry! fixing those would make the PKG_CHECK_MODULES line be:

Feb 18 2021, 2:18 AM · pinentry, Bug Report
dkg added a comment to T5291: gpg fails to recognize signatures if signer's user ID subpacket is present with the critical bit set .

I think you're saying "GnuPG will reject all subpackets marked with a critical flag unless there is a specific known semantic for *criticality* for that subpacket" Am I understanding that right? Is there a published list of criticality semantics that GnuPG is willing to accept? How do those semantics differ from standard semantics for the packet in question?

Feb 18 2021, 12:11 AM · gnupg (gpg22), Bug Report

Feb 17 2021

dkg added a comment to T5308: pkg-config misuse in efl sections of pinentry autoconf tooling.

fwiw, i think a patch like this ought to work with reasonably-modern versions of autotools:

Feb 17 2021, 9:22 PM · pinentry, Bug Report
dkg updated subscribers of T5308: pkg-config misuse in efl sections of pinentry autoconf tooling.

@wltjr maybe you could take a look at this?

Feb 17 2021, 8:52 PM · pinentry, Bug Report
dkg renamed T5308: pkg-config misuse in efl sections of pinentry autoconf tooling from po to pkg-config misuse in efl sections of pinentry autoconf tooling.
Feb 17 2021, 8:44 PM · pinentry, Bug Report
dkg created T5308: pkg-config misuse in efl sections of pinentry autoconf tooling.
Feb 17 2021, 8:43 PM · pinentry, Bug Report
dkg created T5307: pinentry-qt unilaterally enables rpath, even when configured with `--disable-rpath`.
Feb 17 2021, 8:22 PM · qt, pinentry, Bug Report

Feb 12 2021

dkg created T5299: use FULL_PATH_NAMES=NO for gpgme doxygen.
Feb 12 2021, 4:36 PM · gpgme
dkg created T5298: drop support for python2 for the python bindings for gpgme.
Feb 12 2021, 4:32 PM · gpgme, Python

Feb 9 2021

dkg added a comment to T5291: gpg fails to recognize signatures if signer's user ID subpacket is present with the critical bit set .

RFC 4880 says:

Feb 9 2021, 2:19 PM · gnupg (gpg22), Bug Report
dkg created T5291: gpg fails to recognize signatures if signer's user ID subpacket is present with the critical bit set .
Feb 9 2021, 6:53 AM · gnupg (gpg22), Bug Report
dkg created T5290: the stable 2.2 branch no longer builds symcryptrun, but it ships the symcryptrun.1 manpage.
Feb 9 2021, 2:10 AM · Documentation, gnupg (gpg22), Bug Report

Jan 29 2021

dkg added a comment to T4679: WKD spec should document exactly when a client should fall back from "advanced" to "direct" URL.

See also https://gitlab.com/openpgp-wg/webkey-directory/-/issues/3 which is the same issue.

Jan 29 2021, 3:33 AM · Documentation, wkd

Jan 15 2021

dkg updated the task description for T4679: WKD spec should document exactly when a client should fall back from "advanced" to "direct" URL.
Jan 15 2021, 10:50 PM · Documentation, wkd
dkg added a comment to T4679: WKD spec should document exactly when a client should fall back from "advanced" to "direct" URL.

This ambiguity appears to be the cause of a recent epic (and to me, largely incomprehensible) thread on gnupg-users. It would be great to have the WKD guidance about fallback strategy be much more explicit. Any room for ambiguity here leads to different outcomes from different WKD clients, and quite a bit of confused discussion by their users.

Jan 15 2021, 10:38 PM · Documentation, wkd

Dec 11 2020

dkg created T5179: add export-filter based on user ID calculated validity.
Dec 11 2020, 6:31 PM · gnupg24, gnupg (gpg23), Feature Request

Nov 18 2020

dkg created T5142: Qt gpgme's sign_key function should not set a remark with an empty string.
Nov 18 2020, 9:38 AM · gpgme, qt, Bug Report

Aug 18 2020

rotacirbahbgpung awarded T2748: ssh-agent emulation should provide the primary User ID of any keys offered via ssh a Like token.
Aug 18 2020, 10:49 AM · gnupg, Feature Request

Aug 10 2020

dkg added a comment to T4961: ship gpgrt.pc.

We currently already ship:

Aug 10 2020, 4:19 PM · Feature Request, gpgrt

Jul 2 2020

dkg added a comment to T3464: successful decryption with session key reports failure if public key is unknown.

I don't think this fix has made it into a release yet. Could we get a released version of gpgme that contains this fix?

Jul 2 2020, 6:59 AM · gpgme, Bug Report

Jul 1 2020

dkg added a comment to T4982: [PATCH] qt libraries should be linked with -fPIC instead of -fpic.

on #debian-dpkg on IRC, Guillem Jover suggested that we might want to fix dpkg specfiles to use +self_spec: instead of *self_spec:.

Jul 1 2020, 6:44 PM · Debian, gpgme
dkg added a project to T4982: [PATCH] qt libraries should be linked with -fPIC instead of -fpic: gpgme.

I'm still not understanding what specifically should be fixed here. Sorry to be dense about it, but the range of options and configuration details that are different are pretty puzzling.

Jul 1 2020, 3:55 AM · Debian, gpgme

Jun 30 2020

dkg added a comment to T4618: DANE OpenPGP certificate retrieval does not verify DNSSEC signatures.

The same concern has been reported at https://bugs.debian.org/964033 -- if dirmngr is not going to follow the specification, it should at least document (and maybe warn?) about how it is divergent.

Jun 30 2020, 9:30 PM · dns, dirmngr

Jun 25 2020

dkg added a comment to T4977: dirmngr not working with linux kernel parameter ipv6.disable=1.

Can you characterize the failure when ipv6.disable=1 ? The straightforward failure (connect() fails with EHOSTUNREACH after a few seconds) should presumably be treated the same as if some other host happened to be offline. That should result in dirmngr failing over to the next available address for the configured keyserver, right?

Jun 25 2020, 7:28 PM · Restricted Project, gnupg (gpg22), dirmngr, Bug Report
dkg added a comment to T4826: Expiration dates after 2107 are reported as wraparound expiration dates.

I agree with you that a certificate with a lengthy expiration is not cryptographically sensible or wise, @bernhard -- i'd never want to produce such a certificate myself.

Jun 25 2020, 6:11 PM · gnupg (gpg22), Bug Report

Jun 11 2020

dkg reopened T4892: gpgsm --gen-key with existing key from "ssh-add" fails as "Open".

This appears to still be a problem, despite upgrading to libksba 1.4.0:

Jun 11 2020, 1:29 AM · gnupg24, Bug Report, S/MIME

May 29 2020

dkg updated the task description for T4961: ship gpgrt.pc.
May 29 2020, 7:01 PM · Feature Request, gpgrt
dkg created T4961: ship gpgrt.pc.
May 29 2020, 7:01 PM · Feature Request, gpgrt

May 20 2020

dkg added a comment to T4952: libgpg-error/gpgrt lock-obj for big-endian 64-bit MIPS.

If there's no objection to this in a few days, i'll go ahead and merge it to master.

May 20 2020, 10:00 PM · gpgrt, Feature Request

May 19 2020

dkg committed rE0db8c768843d: syscfg: add 64-bit big-endian MIPS architecture (authored by dkg).
syscfg: add 64-bit big-endian MIPS architecture
May 19 2020, 11:35 PM
dkg added a comment to T4952: libgpg-error/gpgrt lock-obj for big-endian 64-bit MIPS.

branch dkg/fix-4952 contains this fix in an easily applicable form as 0db8c768843db3e85935b972f1ed9d1b98159c46

May 19 2020, 8:49 PM · gpgrt, Feature Request
dkg created T4952: libgpg-error/gpgrt lock-obj for big-endian 64-bit MIPS.
May 19 2020, 7:41 PM · gpgrt, Feature Request

Mar 31 2020

dkg committed rC6a5743469a43: libgcrypt.m4: Fix spelling (authored by dkg).
libgcrypt.m4: Fix spelling
Mar 31 2020, 7:43 PM