KeyserverTag
ActivePublic

Members

  • This project does not have any members.

Recent Activity

Tue, Mar 17

werner added a commit to T4856: GPG: Key Exchange Put public OpenPGP key into signature: rM3afa534645e3: core: New context flags "include-key-block" and "auto-key-import"..
Tue, Mar 17, 5:57 PM · Feature Request, gpgol, Keyserver, gnupg

Sat, Mar 14

werner added a comment to T4856: GPG: Key Exchange Put public OpenPGP key into signature.

I think that this chnage is useful enough to be backported to 2.2. Done that.

Sat, Mar 14, 8:14 PM · Feature Request, gpgol, Keyserver, gnupg
werner added a commit to T4856: GPG: Key Exchange Put public OpenPGP key into signature: rG95b42278cafe: gpg: New option --auto-key-import.
Sat, Mar 14, 8:13 PM · Feature Request, gpgol, Keyserver, gnupg
werner added a commit to T4856: GPG: Key Exchange Put public OpenPGP key into signature: rG2baa00ea1863: gpg: Add property "fpr" for use by --export-filter..
Sat, Mar 14, 8:13 PM · Feature Request, gpgol, Keyserver, gnupg
werner added a commit to T4856: GPG: Key Exchange Put public OpenPGP key into signature: rGb42d9f540c74: gpg: Make use of the included key block in a signature..
Sat, Mar 14, 8:13 PM · Feature Request, gpgol, Keyserver, gnupg
werner added a commit to T4856: GPG: Key Exchange Put public OpenPGP key into signature: rGd79ebee64ea5: gpg: New option --include-key-block..
Sat, Mar 14, 8:13 PM · Feature Request, gpgol, Keyserver, gnupg
werner added a commit to T4856: GPG: Key Exchange Put public OpenPGP key into signature: rG6b306f45f4fb: gpg: New option --auto-key-import.
Sat, Mar 14, 6:07 PM · Feature Request, gpgol, Keyserver, gnupg

Fri, Mar 13

werner changed the status of T4856: GPG: Key Exchange Put public OpenPGP key into signature from Open to Testing.
Fri, Mar 13, 5:29 PM · Feature Request, gpgol, Keyserver, gnupg
werner added a comment to T4856: GPG: Key Exchange Put public OpenPGP key into signature.

You can test it now out using GnuPG master: Just add --include-key-block and you can then verify using an empty keyring. Currently --auto-key-retrieve is not needed but we need to think on how we can enable or disable this during verification.

Fri, Mar 13, 5:28 PM · Feature Request, gpgol, Keyserver, gnupg
werner added a commit to T4856: GPG: Key Exchange Put public OpenPGP key into signature: rG6a4443c8425f: gpg: Make use of the included key block in a signature..
Fri, Mar 13, 5:18 PM · Feature Request, gpgol, Keyserver, gnupg
werner added a commit to T4856: GPG: Key Exchange Put public OpenPGP key into signature: rG865d48518024: gpg: New option --include-key-block..
Fri, Mar 13, 5:18 PM · Feature Request, gpgol, Keyserver, gnupg
werner added a commit to T4856: GPG: Key Exchange Put public OpenPGP key into signature: rG32493ce50ad8: gpg: Add property "fpr" for use by --export-filter..
Fri, Mar 13, 1:20 PM · Feature Request, gpgol, Keyserver, gnupg
werner added a project to T4856: GPG: Key Exchange Put public OpenPGP key into signature: Feature Request.
Fri, Mar 13, 1:17 PM · Feature Request, gpgol, Keyserver, gnupg

Tue, Mar 10

Valodim added a comment to T4856: GPG: Key Exchange Put public OpenPGP key into signature.

ftr, here is the thread I had in mind but couldn't recall above. @aheinecke is that your thinking, or a more pgp/mime bound mechanism as @dkg assumed?

Tue, Mar 10, 5:50 PM · Feature Request, gpgol, Keyserver, gnupg
dkg added a comment to T4856: GPG: Key Exchange Put public OpenPGP key into signature.

@wiktor-k, "just extend the spec" doesn't necessarily work with existing clients, which might be surprised to find unexpected packets in the signature section of an e-mail. It seems more likely to me that they'd be able to handle (meaning: ignore) an unknown subpacket (as long as it's well-formed) than to handle additional packets. But all of these surmises require testing with existing clients, of course. Has anyone done any of that testing?

Tue, Mar 10, 3:19 PM · Feature Request, gpgol, Keyserver, gnupg
wiktor-k added a comment to T4856: GPG: Key Exchange Put public OpenPGP key into signature.

This is a nice idea and although it overlaps with Autocrypt it has other uses too: for example verification of signed files that can be vastly simplified (just get the file and the signature, no key fetching needed, downside: the key attached to the signature could be stale).

Tue, Mar 10, 10:04 AM · Feature Request, gpgol, Keyserver, gnupg
dkg added a comment to T4856: GPG: Key Exchange Put public OpenPGP key into signature.

Ah, thanks for pointing out the subpacket option (i guess it could be hashed or unhashed). i don't think any of the subpackets currently defined in RFC4880 supports this use case -- but i guess you could mint a new one, or use a notation.

Tue, Mar 10, 1:22 AM · Feature Request, gpgol, Keyserver, gnupg
Valodim added a comment to T4856: GPG: Key Exchange Put public OpenPGP key into signature.

Werner said that it's possible in OpenPGP to also put the pubkey into the signature. (...) The nice advantage is that this will also work for files.

Tue, Mar 10, 12:31 AM · Feature Request, gpgol, Keyserver, gnupg

Mon, Mar 9

dkg added a comment to T4856: GPG: Key Exchange Put public OpenPGP key into signature.

Hi @aheinecke, thanks for thinking about this, and thanks for tagging me here too. I'm definitely interested.

Mon, Mar 9, 9:53 PM · Feature Request, gpgol, Keyserver, gnupg

Feb 26 2020

aheinecke created T4856: GPG: Key Exchange Put public OpenPGP key into signature.
Feb 26 2020, 12:33 PM · Feature Request, gpgol, Keyserver, gnupg
aheinecke added a comment to T4513: dirmngr should try the configured keyservers anyway even if they are all dead.

But searching on Keyservers is also in my opinion not a common use case for Kleopatra users.

Thanks for engaging constructively.

Feb 26 2020, 12:03 PM · Feature Request, Keyserver, dirmngr

Feb 21 2020

dkg added a comment to T4513: dirmngr should try the configured keyservers anyway even if they are all dead.

In T4513#132770, @aheinecke wrote:

Werner could you maybe at least check for an internet connection, I don't know how to do it on Linux but on Windows it's easy because windows has API for that.

Feb 21 2020, 6:33 PM · Feature Request, Keyserver, dirmngr

Feb 19 2020

Valodim added a comment to T4513: dirmngr should try the configured keyservers anyway even if they are all dead.

But searching on Keyservers is also in my opinion not a common use case for Kleopatra users.

Feb 19 2020, 6:43 PM · Feature Request, Keyserver, dirmngr
werner added a comment to T4513: dirmngr should try the configured keyservers anyway even if they are all dead.

and by that bypassing all key source tracking as done by gpg. In any case searching by name or mail address on a keyserver should not be done - at least not by a GUI tool as used by non experienced users.

Feb 19 2020, 4:34 PM · Feature Request, Keyserver, dirmngr
patrick added a comment to T4513: dirmngr should try the configured keyservers anyway even if they are all dead.

I agree that this is a tricky problem, but it should really be improved.

Feb 19 2020, 4:05 PM · Feature Request, Keyserver, dirmngr
werner added a comment to T4513: dirmngr should try the configured keyservers anyway even if they are all dead.

The problem is not to check whether there is a connection but on how to decide whether something is a pool or an explictly added single keyserver and how often should we try to connect or read from it. Without marking hosts as dead the auto search features won't work well.

Feb 19 2020, 1:30 PM · Feature Request, Keyserver, dirmngr
aheinecke added a comment to T4513: dirmngr should try the configured keyservers anyway even if they are all dead.

@Valodim probably not so much as dirmngr might behave differently and not mark hosts as dead.

Feb 19 2020, 1:17 PM · Feature Request, Keyserver, dirmngr
werner added a comment to T4513: dirmngr should try the configured keyservers anyway even if they are all dead.

The proper solution is of course to use pkill instead of killall. SCNR.

Feb 19 2020, 12:43 PM · Feature Request, Keyserver, dirmngr
Valodim updated subscribers of T4513: dirmngr should try the configured keyservers anyway even if they are all dead.

I can attest to the "growing bit of popular lore": Roughly half the support requests I get to support@keys.openpgp.org boil down to an exchange of "it just doesn't work with a 'general error' message" -> "try killall dirmngr" -> "that did it". I have heard similar stories from @patrick from Enigmail users, and more than once heard people applying poweruser trickery like "I just have killall dirmngr in my resume.d".

Feb 19 2020, 11:37 AM · Feature Request, Keyserver, dirmngr

Nov 25 2019

werner closed T4165: Dirmngr: Ipv6 causes network failure if Ipv6 can't be reached, a subtask of T4163: hkps://hkps.pool.sks-keyservers.net has to many bad servers to be a good default, as Resolved.
Nov 25 2019, 10:17 PM · gnupg, Keyserver
werner closed T4165: Dirmngr: Ipv6 causes network failure if Ipv6 can't be reached as Resolved.

Unusable v6 interfaces are now detected on Windows and then not used.

Nov 25 2019, 10:17 PM · Keyserver, Feature Request, dirmngr
werner closed T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned as Resolved.
Nov 25 2019, 10:15 PM · Keyserver, gnupg (gpg22), Bug Report

Nov 20 2019

werner lowered the priority of T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned from Normal to Wishlist.
Nov 20 2019, 8:58 AM · Keyserver, gnupg (gpg22), Bug Report

Nov 7 2019

werner moved T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned from Backlog to For next release on the gnupg (gpg22) board.
Nov 7 2019, 3:15 PM · Keyserver, gnupg (gpg22), Bug Report
werner changed the status of T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned from Open to Testing.
Nov 7 2019, 3:14 PM · Keyserver, gnupg (gpg22), Bug Report
werner added a commit to T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned: rG2975868ede40: gpg: Fix a potential loss of key sigs during import with self-sigs-only..
Nov 7 2019, 3:13 PM · Keyserver, gnupg (gpg22), Bug Report
werner added a commit to T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned: rG6701a38f8e4a: gpg: Fix a potential loss of key sigs during import with self-sigs-only..
Nov 7 2019, 3:10 PM · Keyserver, gnupg (gpg22), Bug Report

Oct 25 2019

mgorny added a comment to T4444: dirmngr fails with keyservers specified by IP without rDNS; reported as dead host or uses wrong Host header.

Ping.

Oct 25 2019, 10:54 AM · Keyserver, dns, dirmngr, Bug Report

Oct 24 2019

dkg added a comment to T4513: dirmngr should try the configured keyservers anyway even if they are all dead.

There is a growing bit of popular lore in the GnuPG community that "when keyserver operations fail, you solve that problem with killall dirmngr." I believe this suggestion is potentially damaging (the long-running daemon may be in the middle of operations for a client that you don't know about), but i suspect it is circulating as advice because it resolves the situation outlined in this ticket. For whatever ephemeral reason, dirmngr gets stuck, and fails to notice that this situation has resolved itself.

Oct 24 2019, 5:39 PM · Feature Request, Keyserver, dirmngr

Jul 18 2019

dkg added a comment to T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned.

I'm aware of you releasing an RC for comments, and i apologize for not catching this particular case earlier. As you know from T4607, i was even advocating for it. i didn't understand the full implications of the "import-then-clean" approach at the time, and was thinking it would only apply to the incoming material, not the stored material.

Jul 18 2019, 4:26 PM · Keyserver, gnupg (gpg22), Bug Report
werner added a comment to T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned.

The code has comments why we do a first clean_key on the imported keyblock.

Jul 18 2019, 11:07 AM · Keyserver, gnupg (gpg22), Bug Report
dkg added a comment to T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned.

i've merged a variant of rGbe99eec2b105eb5f8e3759147ae351dcc40560ad into the GnuPG packaging in debian unstable as of version 2.2.17-3 to avoid the risks of data loss and signature verification failures. I'll revert it if i see the concern addressed upstream.

Jul 18 2019, 12:17 AM · Keyserver, gnupg (gpg22), Bug Report

Jul 16 2019

dkg added a comment to T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned.

that pseudocode is strange to me -- it looks like you have (two) duplicate calls to clean_key (imported_keyblock) (though maybe i just don't know what .... means in this pseudocode).

Jul 16 2019, 6:36 PM · Keyserver, gnupg (gpg22), Bug Report
werner triaged T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned as Normal priority.
Jul 16 2019, 8:25 AM · Keyserver, gnupg (gpg22), Bug Report
werner added a comment to T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned.

You are partly right. I missed that we also do clean the original keyblock while updating a key. The code is

Jul 16 2019, 8:17 AM · Keyserver, gnupg (gpg22), Bug Report

Jul 15 2019

dkg added a commit to T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned: rGbe99eec2b105: gpg: drop import-clean from default keyserver import options.
Jul 15 2019, 10:37 PM · Keyserver, gnupg (gpg22), Bug Report
dkg added a comment to T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned.

I think dropping import-clean from the default keyserver options is the right way to go. It is not clear what additional benefit import-clean provides given that we are already using self-sigs-only. And the idea of non-additive behavior to the local keyring when pulling from a keyserver is a deeply surprising change for multiple users i've talked to.

Jul 15 2019, 10:35 PM · Keyserver, gnupg (gpg22), Bug Report
dkg created T4628: new import-clean default for keys from keyservers modifies the local keyring when anything is returned.
Jul 15 2019, 7:09 PM · Keyserver, gnupg (gpg22), Bug Report
werner triaged T4617: Odd behavior for HTTP(S) scheme in --keyserver config as Low priority.
Jul 15 2019, 8:16 AM · Documentation, Keyserver, dirmngr

Jul 14 2019

dkg added a project to T4617: Odd behavior for HTTP(S) scheme in --keyserver config: Documentation.
Jul 14 2019, 6:49 PM · Documentation, Keyserver, dirmngr