dkg (Daniel Kahn Gillmor)
User

User Details

User Since
Mar 27 2017, 4:49 PM (120 w, 3 d)
Availability
Available

Recent Activity

Yesterday

dkg committed rE732855a48370: build: Use {CFLAGS,CPPFLAGS, LDFLAGS}_FOR_BUILD for helper programs (authored by dkg).
build: Use {CFLAGS,CPPFLAGS, LDFLAGS}_FOR_BUILD for helper programs
Thu, Jul 18, 5:49 PM
dkg added a commit to T4643: gpgrt: enable the environment to set compiler and linker flags for helper tools: rE732855a48370: build: Use {CFLAGS,CPPFLAGS, LDFLAGS}_FOR_BUILD for helper programs.
Thu, Jul 18, 5:49 PM · gpgrt, Feature Request
dkg added a comment to T4643: gpgrt: enable the environment to set compiler and linker flags for helper tools.

I've just pushed rE732855a483709345a5c0f49504f45cb8da3f883a to dkg-fix-T4643 in the gpg-error git repository. I don't know why it is not yet visible here.

Thu, Jul 18, 5:31 PM · gpgrt, Feature Request
dkg created T4643: gpgrt: enable the environment to set compiler and linker flags for helper tools.
Thu, Jul 18, 5:21 PM · gpgrt, Feature Request
dkg added commits to T4641: Libassuan: enable the environment to set compiler and linker flags for helper tools: rA45f01593d4ce: pass through {CFLAGS,CPPFLAGS,LDFLAGS}_FOR_BUILD when creating helper programs, rA98d7c7ea3f37: build: Use {CFLAGS,CPPFLAGS,LDFLAGS}_FOR_BUILD for helper programs..
Thu, Jul 18, 4:37 PM · libassuan, Feature Request
dkg added a task to rA45f01593d4ce: pass through {CFLAGS,CPPFLAGS,LDFLAGS}_FOR_BUILD when creating helper programs: T4641: Libassuan: enable the environment to set compiler and linker flags for helper tools.
Thu, Jul 18, 4:37 PM
dkg added a task to rA98d7c7ea3f37: build: Use {CFLAGS,CPPFLAGS,LDFLAGS}_FOR_BUILD for helper programs.: T4641: Libassuan: enable the environment to set compiler and linker flags for helper tools.
Thu, Jul 18, 4:37 PM
dkg added a comment to rA98d7c7ea3f37: build: Use {CFLAGS,CPPFLAGS,LDFLAGS}_FOR_BUILD for helper programs..

CC_FOR_BUILD is defined in configure.ac as build system C compiler, not build system C compiler and flags.

Thu, Jul 18, 4:35 PM
dkg added a comment to T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned.

I'm aware of you releasing an RC for comments, and i apologize for not catching this particular case earlier. As you know from T4607, i was even advocating for it. i didn't understand the full implications of the "import-then-clean" approach at the time, and was thinking it would only apply to the incoming material, not the stored material.

Thu, Jul 18, 4:26 PM · Keyserver, gnupg (gpg22), Bug Report
dkg committed rA45f01593d4ce: pass through {CFLAGS,CPPFLAGS,LDFLAGS}_FOR_BUILD when creating helper programs (authored by dkg).
pass through {CFLAGS,CPPFLAGS,LDFLAGS}_FOR_BUILD when creating helper programs
Thu, Jul 18, 12:57 AM
dkg added a comment to T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned.

i've merged a variant of rGbe99eec2b105eb5f8e3759147ae351dcc40560ad into the GnuPG packaging in debian unstable as of version 2.2.17-3 to avoid the risks of data loss and signature verification failures. I'll revert it if i see the concern addressed upstream.

Thu, Jul 18, 12:17 AM · Keyserver, gnupg (gpg22), Bug Report

Wed, Jul 17

dkg added a comment to T4592: gpg takes > 30s to list the keys from a 17MiB `pubring.gpg` that contains a single certificate.

@gniibe, thank you for backporting this to STABLE-BRANCH-2-2!

Wed, Jul 17, 10:25 PM · gnupg (gpg23), Bug Report
dkg added a task to rG33c17a8008c3: gpg: Improve import slowness.: T4592: gpg takes > 30s to list the keys from a 17MiB `pubring.gpg` that contains a single certificate.
Wed, Jul 17, 10:24 PM
dkg added a task to rGeb00a14f6d2d: gpg: Improve import slowness.: T4592: gpg takes > 30s to list the keys from a 17MiB `pubring.gpg` that contains a single certificate.
Wed, Jul 17, 10:24 PM
dkg added commits to T4592: gpg takes > 30s to list the keys from a 17MiB `pubring.gpg` that contains a single certificate: rGeb00a14f6d2d: gpg: Improve import slowness., rG33c17a8008c3: gpg: Improve import slowness..
Wed, Jul 17, 10:24 PM · gnupg (gpg23), Bug Report
dkg added a comment to T4641: Libassuan: enable the environment to set compiler and linker flags for helper tools.

I don't know why dkg-fix-T4641 is not showing up here on the assuan git repo.

Wed, Jul 17, 9:11 PM · libassuan, Feature Request
dkg added a comment to T4641: Libassuan: enable the environment to set compiler and linker flags for helper tools.

I've just pushed rA45f01593d4ce794ae3562359aee2ff80c97e368e to the dkg-fix-T4641 branch that resolves this.

Wed, Jul 17, 7:31 PM · libassuan, Feature Request
dkg created T4641: Libassuan: enable the environment to set compiler and linker flags for helper tools.
Wed, Jul 17, 7:29 PM · libassuan, Feature Request
dkg added a comment to T4632: Make it easier to cross-compile gpg-error.

Thanks for the feedback. I'll go ahead and close any tickets that come in via debian that expect to be able to cross compile without having at least once had a native compiler on the platform to generate the appropriate lock-obj-pub-*.h.

Wed, Jul 17, 7:05 PM · gpgrt, Feature Request
dkg created T4635: ship gpgscm and necessary *.scm files from gpgrt.
Wed, Jul 17, 2:12 AM · Tests, gpgrt, Feature Request
dkg added a comment to T3389: canonical OpenPGP certificate export.

@stm it kind of is a last-resort already, given that it's only in the event where the signature creation dates are equal, but sure, i wouldn't mind adjusting the proposal to say that (sigs) means "sort by date, then issuer, then binary content" -- but what do we think "sort by issuer" means?

Wed, Jul 17, 1:28 AM · gnupg (gpg23), Feature Request
dkg created T4634: "gpg --quiet --quick-gen-key" is not quiet: emits "key $FPR marked as ultimately trusted" to stderr..
Wed, Jul 17, 1:01 AM · gnupg (gpg22), Bug Report
dkg added a comment to T4601: gpg --quiet --quick-sign-key is not quiet.

does the removal of the gpg22 tag mean that it will not be possible to rely on colon-delimited output for the gpg 2.2 series?

Wed, Jul 17, 12:56 AM · gnupg (gpg23), Bug Report
dkg created T4633: gpg argument "--passphrase=" yields 'missing argument for option "--passphrase="'.
Wed, Jul 17, 12:53 AM · gnupg (gpg22), Bug Report

Tue, Jul 16

dkg created T4632: Make it easier to cross-compile gpg-error.
Tue, Jul 16, 11:18 PM · gpgrt, Feature Request
dkg added a comment to T4593: dirmngr should not apply Kristian's CA when fetching from a keyserver that is not `hkps.pool.sks-keyservers.net`.

Just a note that we're now shipping this patch in debian unstable. It would be great if it was merged upstream.

Tue, Jul 16, 8:08 PM · gnupg (gpg22), Bug Report, dirmngr
dkg added a comment to T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned.

that pseudocode is strange to me -- it looks like you have (two) duplicate calls to clean_key (imported_keyblock) (though maybe i just don't know what .... means in this pseudocode).

Tue, Jul 16, 6:36 PM · Keyserver, gnupg (gpg22), Bug Report

Mon, Jul 15

dkg added a task to rGbe99eec2b105: gpg: drop import-clean from default keyserver import options: T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned.
Mon, Jul 15, 10:37 PM
dkg added a commit to T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned: rGbe99eec2b105: gpg: drop import-clean from default keyserver import options.
Mon, Jul 15, 10:37 PM · Keyserver, gnupg (gpg22), Bug Report
dkg committed rGbe99eec2b105: gpg: drop import-clean from default keyserver import options (authored by dkg).
gpg: drop import-clean from default keyserver import options
Mon, Jul 15, 10:36 PM
dkg added a comment to T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned.

I think dropping import-clean from the default keyserver options is the right way to go. It is not clear what additional benefit import-clean provides given that we are already using self-sigs-only. And the idea of non-additive behavior to the local keyring when pulling from a keyserver is a deeply surprising change for multiple users i've talked to.

Mon, Jul 15, 10:35 PM · Keyserver, gnupg (gpg22), Bug Report
dkg added a comment to T4591: gpg drops flooded certificates entirely if the certficate is too large, and gpg is using `pubring.kbx`.

The fact that import-clean modifies already-held certifications makes me think it is inappropriate to have as the default for keyserver access (see T4628 for more details).

Mon, Jul 15, 7:34 PM · Bug Report, gnupg (gpg22)
dkg added a comment to T4607: enable `import-clean` by default.

Due to T4628, i no longer think that import-clean is a good idea by default.

Mon, Jul 15, 7:29 PM · Feature Request
dkg created T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned.
Mon, Jul 15, 7:09 PM · Keyserver, gnupg (gpg22), Bug Report
dkg created T4627: "gpg --verbose --list-secret-keys" prints a lot of warning messages unrelated to secret keys.
Mon, Jul 15, 5:17 PM · gnupg (gpg22), Bug Report
dkg added a comment to T4592: gpg takes > 30s to list the keys from a 17MiB `pubring.gpg` that contains a single certificate.

I am proposing to backport rG33c17a8008c3ba3bb740069f9f97c7467f156b54 and rGa7a043e82555a9da984c6fb01bfec4990d904690 to STABLE-BRANCH-2-2 as they represent a significant performance improvement in several specific use cases and appear to have no downsides.

Mon, Jul 15, 5:07 PM · gnupg (gpg23), Bug Report
dkg added a comment to T4615: gpg.exe very slow.

If you're on a platform that has awk available (any GNU/Linux and MacOS should provide it), you can scan for the largest OpenPGP certificate in your keyring with an awk script i posted over at https://dev.gnupg.org/T3972#127356

Mon, Jul 15, 4:57 PM · Bug Report, gpg4win
dkg created T4624: libassuan-config and libassuan.pc both put -lws2_32 before -lgpg-error, which fails during static linking.
Mon, Jul 15, 6:36 AM · Windows, libassuan, Bug Report
dkg updated the task description for T4623: pkg-config for mingw needs to emit -lws2_32.
Mon, Jul 15, 6:01 AM · Windows, gpgrt, Bug Report
dkg created T4623: pkg-config for mingw needs to emit -lws2_32.
Mon, Jul 15, 5:47 AM · Windows, gpgrt, Bug Report
dkg added a comment to T4592: gpg takes > 30s to list the keys from a 17MiB `pubring.gpg` that contains a single certificate.

@gniibe, the documentation (at least on the stable branch) says that --fast-import is just a synonym for --import. is that incorrect?

Mon, Jul 15, 4:26 AM · gnupg (gpg23), Bug Report

Sun, Jul 14

dkg added a project to T4617: Odd behavior for HTTP(S) scheme in --keyserver config: Documentation.
Sun, Jul 14, 6:49 PM · Documentation, Keyserver, dirmngr

Fri, Jul 12

dkg added a comment to T4592: gpg takes > 30s to list the keys from a 17MiB `pubring.gpg` that contains a single certificate.

with @gniibe's patches applied, i profiled the --import, since that is where the largest CPU cost remains. I tried two different times:

Fri, Jul 12, 2:56 PM · gnupg (gpg23), Bug Report
dkg added a comment to T4592: gpg takes > 30s to list the keys from a 17MiB `pubring.gpg` that contains a single certificate.

i also checked the CPU time for git tag -v, whether @gniibe's patches were applied or not.

Fri, Jul 12, 6:21 AM · gnupg (gpg23), Bug Report
dkg added a comment to T4592: gpg takes > 30s to list the keys from a 17MiB `pubring.gpg` that contains a single certificate.

fwiw, i tried gpg --import on the ascii-armored version of my C4BC2DDB38CCE96485EBE9C2F20691179038E5C6 OpenPGP certificate (22895014 octets, 54614 certifications), followed by gpg --list-keys and gpg --export | wc. I was comparing 2.2.17-1 (from the debian package in unstable) with the exact same source, just with @gniibe's two patches rG33c17a8008c3 and rGa7a043e82555 applied as well. I did this with GNUPGHOME set to an otherwise empty directory, where i had done touch pubring.gpg to avoid the keybox format. (the two runs did not share a GNUPGHOME).

Fri, Jul 12, 6:11 AM · gnupg (gpg23), Bug Report
dkg committed rGd10bb027e481: doc: fix spelling (authored by dkg).
doc: fix spelling
Fri, Jul 12, 3:29 AM

Wed, Jul 10

dkg added a comment to T4618: DANE OpenPGP certificate retrieval does not verify DNSSEC signatures.

I agree, many currently-shipped DNS client library implementations do not provide DNSSEC validity checks.

Wed, Jul 10, 9:44 PM · dns, dirmngr
dkg created T4618: DANE OpenPGP certificate retrieval does not verify DNSSEC signatures.
Wed, Jul 10, 6:48 PM · dns, dirmngr
dkg added projects to T4617: Odd behavior for HTTP(S) scheme in --keyserver config: dirmngr, Keyserver.
Wed, Jul 10, 6:11 PM · Documentation, Keyserver, dirmngr
dkg added a comment to T4592: gpg takes > 30s to list the keys from a 17MiB `pubring.gpg` that contains a single certificate.

(i think that rG33c17a8008c3ba3bb740069f9f97c7467f156b54 is also relevant, though it was not tagged with this ticket)

Wed, Jul 10, 6:10 PM · gnupg (gpg23), Bug Report
dkg added a comment to T4592: gpg takes > 30s to list the keys from a 17MiB `pubring.gpg` that contains a single certificate.

@gniibe -- thank you very much for tracking down these O(N^2) operations and cleaning them up. I will profile the effect of those changes and report my findings.

Wed, Jul 10, 6:09 PM · gnupg (gpg23), Bug Report
dkg added a comment to T4617: Odd behavior for HTTP(S) scheme in --keyserver config.

aiui, a keyserver scheme of https:// implies that the specific URL is to be queried directly, not using any of the HKPS URL schema patterns.

Wed, Jul 10, 5:03 PM · Documentation, Keyserver, dirmngr

Mon, Jul 8

dkg added a comment to T4276: Context.decrypt() throws an error if *any* signature is bad.

yes, python2.7 and python3.7

Mon, Jul 8, 5:55 PM · gpgme, Python, Bug Report
dkg reopened T4276: Context.decrypt() throws an error if *any* signature is bad as "Open".

rM7d0a979c07d2 disabled the test for this. @werner says:

Mon, Jul 8, 4:38 AM · gpgme, Python, Bug Report

Fri, Jul 5

dkg added a comment to T4607: enable `import-clean` by default.

This is especially relevant if you are not going to implement the fallback to import-clean that was proposed in T4591.

Fri, Jul 5, 5:58 PM · Feature Request
dkg added a comment to T4607: enable `import-clean` by default.

I see that you have lowered the WKD limit to 64KiB with 6396f8d115f21ae15571b683e9ac9d1d7e3f44f4 -- i think this is a mistake, as reasonable certificates can be several times that size (e.g. zack's cleaned certificate, mentioned above). I'd prefer a limit of 256KiB.

Fri, Jul 5, 5:56 PM · Feature Request
dkg added a comment to T3464: successful decryption with session key reports failure if public key is unknown.

why is this fix not relevant for the 2.2 stable branch? I've had no feedback on this proposed patch.

Fri, Jul 5, 5:51 PM · gpgme, Bug Report
dkg added a comment to T4393: GnuPG should always accept key updates even if the update does not contain UIDs.

This is not just about keys.openpgp.org. It's about any keystore that implements user id redaction, for whatever reason. When you say "what they can do is accept only user ids which…" i think you mean "the userid-redacting keystores can instead redistribute user ids which …". Is that right?

Fri, Jul 5, 3:07 PM · gnupg (gpg23), Feature Request

Thu, Jul 4

dkg created T4613: document implementation guidance for WKD clients in draft-koch-openpgp-webkey-service.
Thu, Jul 4, 11:04 PM · Documentation, wkd
dkg added a comment to T4607: enable `import-clean` by default.

@werner, i don't think there is a 64K limit either, at least not in 2.2.16. Here is 2.2.16 with an empty homedir fetching Zack's certificate here which is > 97KiB:

Thu, Jul 4, 11:02 PM · Feature Request
dkg added a comment to T4604: gpg 2.2 fails to download keys from a keyserver.

Not every incoming certificate that has no user ID will lack a user ID once it is merged with the local copy of the same certificate. T4393 describes that use case, so if you're interested in receiving user-ID-lacking updates to certificates that you already have a copy of, @jaymzh, you should follow up on that ticket.

Thu, Jul 4, 10:24 PM · Bug Report
dkg added a comment to T4612: Add spare space to the keybox to always allow the import of revocations..

Once a revocation is added (to any part of the certificate), perhaps all the certification packets that are clearly made obsolete by the revocation could be dropped from the certificate? That would certainly free up space to be able to import additional revocations if needed.

Thu, Jul 4, 10:21 PM · Bug Report, gnupg (gpg22)

Wed, Jul 3

dkg added a comment to T4604: gpg 2.2 fails to download keys from a keyserver.

I think what you're missing is the keys.openpgp.org documentation which makes it clear that they will not distribute identity information (read: "User IDs") without an explicit confirmation by the operator of the e-mail address named in the User ID. They strip down the certificate pretty significantly before redistribution, especially if the e-mail address hasn't been confirmed directly with the operators of that server.

Wed, Jul 3, 11:39 PM · Bug Report
dkg added a comment to T4608: gpgv --enable-special-filenames documentation appears to claim that it works for keyrings, but it does not.

out of curiosity, why does gpgv need the name of the file?

Wed, Jul 3, 9:30 PM · gpgv, Bug Report
dkg renamed T4608: gpgv --enable-special-filenames documentation appears to claim that it works for keyrings, but it does not from "gpgv --enable-special-filenames does not appear to work for keyrings passed as file descriptors" to "gpgv --enable-special-filenames documentation appears to claim that it works for keyrings, but it does not".
Wed, Jul 3, 9:17 PM · gpgv, Bug Report
dkg added a comment to T4607: enable `import-clean` by default.

in 2.2.16, anyway, gnupg does not appear to apply import-minimal for WKD.

Wed, Jul 3, 9:10 PM · Feature Request
dkg reopened T4608: gpgv --enable-special-filenames documentation appears to claim that it works for keyrings, but it does not as "Open".

In that case, you can treat this ticket as a bug in the documentation, which still needs to be resolved.

Wed, Jul 3, 9:07 PM · gpgv, Bug Report
dkg created T4608: gpgv --enable-special-filenames documentation appears to claim that it works for keyrings, but it does not.
Wed, Jul 3, 9:02 PM · gpgv, Bug Report
dkg added a comment to T4595: GPG: auto-key-retrieve should prefer WKD over Keyserver.

auto-key-retrieve happens in the context of signature verification when the certificate is missing. If no signer User ID subpacket is present in the signature, then WKD simply won't work.

Wed, Jul 3, 7:11 PM · gnupg (gpg22), wkd
dkg added a comment to T4607: enable `import-clean` by default.

hm, i see your point. If you could spell out what the specific regression(s) are in more detail, though, that might help us to reason about their impact.

Wed, Jul 3, 6:52 PM · Feature Request
dkg added a comment to T4605: automatically upgrade from `pubring.gpg` to `pubring.kbx`.

if you want to add a separate subcommand for that, i would be happy to abandon migrate-pubring-from-classic-gpg.

Wed, Jul 3, 6:16 PM · gnupg (gpg22), Feature Request
dkg created T4607: enable `import-clean` by default.
Wed, Jul 3, 6:05 PM · Feature Request
dkg created T4605: automatically upgrade from `pubring.gpg` to `pubring.kbx`.
Wed, Jul 3, 4:25 PM · gnupg (gpg22), Feature Request
dkg added a comment to T4603: dirmngr WKD redirection changes paths.

I think you're suggesting accepting *any* path if the hostname of the proposed redirection matches openpgpkey.example.org when querying the WKD direct URL for an @example.org address. That would also be a fine solution from my point of view.

Wed, Jul 3, 4:13 PM · gnupg (gpg22), wkd, dirmngr, Bug Report
dkg added a comment to T4591: gpg drops flooded certificates entirely if the certficate is too large, and gpg is using `pubring.kbx`.

my initial scenario is where an adversarial keystore floods a certificate right up to (but within) the 5MiB boundary, so that the user has stored it in the keyring already. Then, the user encounters the certificate again, with revocation attached.

Wed, Jul 3, 2:53 PM · Bug Report, gnupg (gpg22)
dkg added a comment to T4603: dirmngr WKD redirection changes paths.

@werner, thanks for the pointer to the report, that's certainly useful. And i'm happy that organizations like SektionEins are doing GnuPG audits and publishing their results regardless of who paid for them.

Wed, Jul 3, 2:48 PM · gnupg (gpg22), wkd, dirmngr, Bug Report
dkg added a comment to T4604: gpg 2.2 fails to download keys from a keyserver.

@jaymzh, I agree with @werner that without more information, this bug report isn't particularly actionable.

Wed, Jul 3, 1:27 PM · Bug Report
dkg added a comment to T4591: gpg drops flooded certificates entirely if the certficate is too large, and gpg is using `pubring.kbx`.

as a separate variant: if the attacker floods the certificate with bogus self-signatures -- that is, certifications that have an issuer fingerprint or issuer key id subpacket, whether hashed or unhashed -- will that make it impossible to import any of them?

Wed, Jul 3, 6:48 AM · Bug Report, gnupg (gpg22)
dkg added a comment to T4591: gpg drops flooded certificates entirely if the certficate is too large, and gpg is using `pubring.kbx`.

Thanks for working on this fallback, Werner.

Wed, Jul 3, 12:09 AM · Bug Report, gnupg (gpg22)

Tue, Jul 2

dkg added a comment to T4603: dirmngr WKD redirection changes paths.

Thanks for the pointer, @werner. Certainly we want T4590 fixed.

Tue, Jul 2, 5:37 PM · gnupg (gpg22), wkd, dirmngr, Bug Report
dkg updated the task description for T4603: dirmngr WKD redirection changes paths.
Tue, Jul 2, 3:44 PM · gnupg (gpg22), wkd, dirmngr, Bug Report
dkg created T4603: dirmngr WKD redirection changes paths.
Tue, Jul 2, 3:43 PM · gnupg (gpg22), wkd, dirmngr, Bug Report

Mon, Jul 1

dkg updated the task description for T4601: gpg --quiet --quick-sign-key is not quiet.
Mon, Jul 1, 9:50 PM · gnupg (gpg23), Bug Report
dkg created T4601: gpg --quiet --quick-sign-key is not quiet.
Mon, Jul 1, 9:50 PM · gnupg (gpg23), Bug Report
dkg updated subscribers of T4593: dirmngr should not apply Kristian's CA when fetching from a keyserver that is not `hkps.pool.sks-keyservers.net`.

I should add that i don't really care whose fault it is if the software is broken by some downstream. if it harms any users, and we can fix it, we should fix it, especially if the fix is easy.

Mon, Jul 1, 9:13 PM · gnupg (gpg22), Bug Report, dirmngr
dkg added a comment to T4593: dirmngr should not apply Kristian's CA when fetching from a keyserver that is not `hkps.pool.sks-keyservers.net`.

We're writing free software, which we know that people use and modify downstream. if we know that the software has a particular sharp edge that people who are modifying it are likely to cut themselves on, we have two options:

Mon, Jul 1, 9:03 PM · gnupg (gpg22), Bug Report, dirmngr
dkg reopened T4593: dirmngr should not apply Kristian's CA when fetching from a keyserver that is not `hkps.pool.sks-keyservers.net` as "Open".

If the default keyserver is not hkps.pool.sks-keyservers.net, then @kristianf's CA certificate has no business certifying it.

Mon, Jul 1, 6:31 PM · gnupg (gpg22), Bug Report, dirmngr
dkg added a comment to T4588: gpg-agent should guess pinentry's full path (using $PATH) if `pinentry-program` does not supply a full path.

So this is a defense against an adversary capable of creating a pinentry-wrapper somewhere in $PATH, but not capable of modifying gpg-agent.conf? It sounds to me like this is a defense against a very unusually-constrained attacker, at the expense of regular, common bug reports and user confusion.

Mon, Jul 1, 6:24 PM · libassuan, gpgagent
dkg added a comment to T4591: gpg drops flooded certificates entirely if the certficate is too large, and gpg is using `pubring.kbx`.

thanks for working on this @werner. rG2e349bb61737 is definitely not useful for me. If i am going to tell anyone "hey, do this weird thing differently in order to fetch my key", i will tell them "pull it from https://dkg.fifthhorseman.net/dkg-openpgp.key". I will never tell anyone to use import-self-sigs-only.

Mon, Jul 1, 6:20 PM · Bug Report, gnupg (gpg22)
dkg created T4599: remap `--search` to `--locate-keys` (with warning).
Mon, Jul 1, 6:16 PM · gnupg (gpg23), dirmngr

Sun, Jun 30

dkg added a project to T4594: dirmngr appears to unilaterally import system CAs: Bug Report.
Sun, Jun 30, 7:27 PM · Bug Report, dirmngr, gnupg (gpg22)
dkg added a comment to T4594: dirmngr appears to unilaterally import system CAs.

To be clear, this would allow the least competent CA in the system root trust anchor list to certify an arbitrary server as a member of hkps.pool.sks-keyservers.net. So it is in some sense a security vulnerability -- it allows for a bypass of the correct authority.

Sun, Jun 30, 7:26 PM · Bug Report, dirmngr, gnupg (gpg22)
dkg committed rG1c9cc97e9d47: dirmngr: Only use SKS pool CA for SKS pool (authored by dkg).
dirmngr: Only use SKS pool CA for SKS pool
Sun, Jun 30, 6:15 PM
dkg created T4594: dirmngr appears to unilaterally import system CAs.
Sun, Jun 30, 6:14 PM · Bug Report, dirmngr, gnupg (gpg22)
dkg added a comment to T4593: dirmngr should not apply Kristian's CA when fetching from a keyserver that is not `hkps.pool.sks-keyservers.net`.

I've just pushed 1c9cc97e9d47d73763810dcb4a36b6cdf31a2254 to the branch dkg-fix-T4593

Sun, Jun 30, 6:12 PM · gnupg (gpg22), Bug Report, dirmngr
dkg updated the task description for T4593: dirmngr should not apply Kristian's CA when fetching from a keyserver that is not `hkps.pool.sks-keyservers.net`.
Sun, Jun 30, 6:09 PM · gnupg (gpg22), Bug Report, dirmngr
dkg created T4593: dirmngr should not apply Kristian's CA when fetching from a keyserver that is not `hkps.pool.sks-keyservers.net`.
Sun, Jun 30, 6:09 PM · gnupg (gpg22), Bug Report, dirmngr

Sat, Jun 29

dkg added a comment to T4591: gpg drops flooded certificates entirely if the certficate is too large, and gpg is using `pubring.kbx`.

Note also that some keyservers like keys.openpgp.org will distribute only verified self-sigs (including revocations and subkey updates) without distributing the floodable third-party certifications. We can and should distinguish "updates-only" keyservers from discovery-by-address mechanisms.

Sat, Jun 29, 12:53 AM · Bug Report, gnupg (gpg22)

Fri, Jun 28

dkg added a comment to T4592: gpg takes > 30s to list the keys from a 17MiB `pubring.gpg` that contains a single certificate.

Just importing a ~666KiB certificate when this monster certificate is in the keyring consumes over 10m of CPU time:

Fri, Jun 28, 11:15 PM · gnupg (gpg23), Bug Report
dkg added a comment to T4592: gpg takes > 30s to list the keys from a 17MiB `pubring.gpg` that contains a single certificate.

Verifying a git tag from the "clean" version of this certificate takes ~225ms of CPU time. Verifying the same git tag from a keyring that contains the flooded version of the certificate takes ~145s. This is a factor of more than 600×. Any automated git tag verification system can probably be DoSed by this behavior.

Fri, Jun 28, 8:23 PM · gnupg (gpg23), Bug Report