KeyserverTag
ActivePublic

Members

  • This project does not have any members.

Recent Activity

Sat, Jun 8

werner triaged T4512: gpg's --keyserver option should be more robustly deprecated as Low priority.

We need --keyserver in gpg for just one reason: backward compatibility.

Sat, Jun 8, 10:40 AM · Documentation, gnupg (gpg22), Keyserver, dirmngr, Bug Report
dkg reopened T4512: gpg's --keyserver option should be more robustly deprecated as "Open".

thanks for fixing that error message, @werner. As @Valodim points out in discusson about hagrid, a gpg.conf keyserver option (deprecated according to the documentation) overrides the dirmngr.conf keyserver option (not deprecated according to the documentation.

Sat, Jun 8, 5:29 AM · Documentation, gnupg (gpg22), Keyserver, dirmngr, Bug Report

Mon, May 27

werner added a comment to T4165: Dirmngr: Ipv6 causes network failure if Ipv6 can't be reached.

I doubt that we are going to implement this.

Mon, May 27, 6:15 PM · Keyserver, Feature Request, dirmngr

May 17 2019

werner triaged T4444: dirmngr fails with keyservers specified by IP without rDNS; reported as dead host or uses wrong Host header as Normal priority.
May 17 2019, 6:47 PM · Keyserver, dns, dirmngr, Bug Report

May 15 2019

werner closed T4466: Clean up --keyserver documentation in gpg(1) as Resolved.

Thanks

May 15 2019, 9:20 AM · Keyserver, gnupg (gpg22), dirmngr, Documentation
werner added a commit to T4466: Clean up --keyserver documentation in gpg(1): rG0d669a360c6e: doc: Do not mention gpg's deprecated --keyserver option..
May 15 2019, 9:20 AM · Keyserver, gnupg (gpg22), dirmngr, Documentation
werner added a commit to T4466: Clean up --keyserver documentation in gpg(1): rG42adb56e660a: doc: Do not mention gpg's deprecated --keyserver option..
May 15 2019, 9:19 AM · Keyserver, gnupg (gpg22), dirmngr, Documentation
werner claimed T4466: Clean up --keyserver documentation in gpg(1).
May 15 2019, 9:06 AM · Keyserver, gnupg (gpg22), dirmngr, Documentation

May 14 2019

werner triaged T4513: dirmngr should try the configured keyservers anyway even if they are all dead as Normal priority.
May 14 2019, 10:09 AM · Feature Request, Keyserver, dirmngr
werner closed T4512: gpg's --keyserver option should be more robustly deprecated as Resolved.

I removed this specialized error message. Thanks for reporting.

May 14 2019, 8:38 AM · Documentation, gnupg (gpg22), Keyserver, dirmngr, Bug Report
werner added a commit to T4512: gpg's --keyserver option should be more robustly deprecated: rG8d645f1d1f2b: gpg: Do not print a hint to use the deprecated --keyserver option..
May 14 2019, 8:38 AM · Documentation, gnupg (gpg22), Keyserver, dirmngr, Bug Report
werner added a commit to T4512: gpg's --keyserver option should be more robustly deprecated: rG7102d9b798b0: gpg: Do not print a hint to use the deprecated --keyserver option..
May 14 2019, 7:56 AM · Documentation, gnupg (gpg22), Keyserver, dirmngr, Bug Report
dkg updated the task description for T4512: gpg's --keyserver option should be more robustly deprecated.
May 14 2019, 7:42 AM · Documentation, gnupg (gpg22), Keyserver, dirmngr, Bug Report
dkg edited projects for T4466: Clean up --keyserver documentation in gpg(1), added: dirmngr, gnupg (gpg22), Keyserver; removed gnupg.
May 14 2019, 7:40 AM · Keyserver, gnupg (gpg22), dirmngr, Documentation
dkg added a comment to T4513: dirmngr should try the configured keyservers anyway even if they are all dead.

This is particularly bad for users who have manually specified a given keyserver in dirmngr.conf, because even a transient failure in that keyserver will prevent them from any future keyserver requests until dirmngr decides that the "death" has worn off.

May 14 2019, 1:00 AM · Feature Request, Keyserver, dirmngr
dkg created T4513: dirmngr should try the configured keyservers anyway even if they are all dead.
May 14 2019, 12:54 AM · Feature Request, Keyserver, dirmngr
dkg created T4512: gpg's --keyserver option should be more robustly deprecated.
May 14 2019, 12:49 AM · Documentation, gnupg (gpg22), Keyserver, dirmngr, Bug Report

Apr 1 2019

robbat2 added a comment to T4444: dirmngr fails with keyservers specified by IP without rDNS; reported as dead host or uses wrong Host header.

HTTP/1.1 spec, RFC 7230, Section 5.4, paragraph 2:
https://tools.ietf.org/html/rfc7230#section-5.4

Apr 1 2019, 8:24 PM · Keyserver, dns, dirmngr, Bug Report
werner added a comment to T4444: dirmngr fails with keyservers specified by IP without rDNS; reported as dead host or uses wrong Host header.

Please be so kind and point me to the specs stating that you should put the IP address into Host:

Apr 1 2019, 8:01 PM · Keyserver, dns, dirmngr, Bug Report
robbat2 added a comment to T4444: dirmngr fails with keyservers specified by IP without rDNS; reported as dead host or uses wrong Host header.

It's up to GPG to send the Host header that shows the user's intent.

Apr 1 2019, 6:20 PM · Keyserver, dns, dirmngr, Bug Report
werner added a comment to T4444: dirmngr fails with keyservers specified by IP without rDNS; reported as dead host or uses wrong Host header.

So in short you want:

  1. Allow to specify a keyserver by IP without any DNS lookups.
  2. When connecting via IP use the IP address for Host:.
Apr 1 2019, 12:55 PM · Keyserver, dns, dirmngr, Bug Report

Mar 31 2019

robbat2 created T4444: dirmngr fails with keyservers specified by IP without rDNS; reported as dead host or uses wrong Host header.
Mar 31 2019, 10:35 PM · Keyserver, dns, dirmngr, Bug Report

Mar 13 2019

wuximeniyu added a comment to T4165: Dirmngr: Ipv6 causes network failure if Ipv6 can't be reached.

There is a solution for it:

Mar 13 2019, 9:55 PM · Keyserver, Feature Request, dirmngr

Feb 9 2019

kristianf closed T4354: dirmngr should send "fingerprint=on" to keyservers as Resolved.

So, the keyserver operator had thrown in a hockeypuck server in the pool, causing this.. While the keyserver remains in the exclude list until confirmation it has been resolved, that explains the behavior and it has been made clear that separate software needs to use different names in the future.

Feb 9 2019, 8:43 PM · dirmngr, Keyserver, Bug Report

Feb 4 2019

werner updated subscribers of T4354: dirmngr should send "fingerprint=on" to keyservers.

@kristianf we talked about this on Saturday evening. Would you be so kind and have a quick look at the problem with the hu server?

Feb 4 2019, 5:45 PM · dirmngr, Keyserver, Bug Report

Feb 1 2019

steve added a comment to T4354: dirmngr should send "fingerprint=on" to keyservers.

Hi Werner and thanks for looking into this.

Feb 1 2019, 10:32 AM · dirmngr, Keyserver, Bug Report

Jan 30 2019

werner edited projects for T4354: dirmngr should send "fingerprint=on" to keyservers, added: Keyserver, dirmngr; removed Feature Request.

According to sks-keyservers.net both servers you mention run the very same software. Thus I would like to understand why you think they require the use of a legacy option.

Jan 30 2019, 3:22 PM · dirmngr, Keyserver, Bug Report

Oct 29 2018

werner triaged T4165: Dirmngr: Ipv6 causes network failure if Ipv6 can't be reached as High priority.

It actually tries several servers but we need to set a limit because we need to cope with longer timeouts. Do you suggest to toggle between v4 and v6 addresses? That is if a v6 address fails, first try the next v4 address and it that fails, another v6 address, etc.

Oct 29 2018, 9:41 AM · Keyserver, Feature Request, dirmngr

Oct 2 2018

werner added a comment to T4163: hkps://hkps.pool.sks-keyservers.net has to many bad servers to be a good default.

The problem is that the keyserver network is abused as free and
permanent data storage. We can't do much about it without larger
changes on the search capabilities of the keyservers. For more
information see the archives of the sks-devel list starting in July.

Oct 2 2018, 8:50 AM · gnupg, Keyserver

Oct 1 2018

aheinecke added a subtask for T4163: hkps://hkps.pool.sks-keyservers.net has to many bad servers to be a good default: T4165: Dirmngr: Ipv6 causes network failure if Ipv6 can't be reached.
Oct 1 2018, 2:39 PM · gnupg, Keyserver
aheinecke triaged T4163: hkps://hkps.pool.sks-keyservers.net has to many bad servers to be a good default as Normal priority.
Oct 1 2018, 10:24 AM · gnupg, Keyserver
aheinecke claimed T4163: hkps://hkps.pool.sks-keyservers.net has to many bad servers to be a good default.

Ok. I was not aware that HKPS should already have the highest quality.

Oct 1 2018, 10:23 AM · gnupg, Keyserver
kristianf added a comment to T4163: hkps://hkps.pool.sks-keyservers.net has to many bad servers to be a good default.

hkps pool really should be the most responsive, and it already requires clustered only servers for a couple of weeks to try to increase the responsiveness. Experience has shown that any keyserver with less than 3 nodes in a cluster should not be used towards end-users. But do you have any more debugging output as to the problem at hand?

Oct 1 2018, 10:19 AM · gnupg, Keyserver
aheinecke created T4163: hkps://hkps.pool.sks-keyservers.net has to many bad servers to be a good default.
Oct 1 2018, 9:40 AM · gnupg, Keyserver

Sep 11 2018

werner closed T2968: gpg --search: Connection closed in DNS as Resolved.

We assume that this has meanwhile been fixed.

Sep 11 2018, 10:34 AM · Info Needed, gnupg (gpg22), Bug Report, Debian, Keyserver, dirmngr

Aug 29 2018

werner added a project to T2968: gpg --search: Connection closed in DNS: Info Needed.

@elonsatoshi: Were you able to check this with 2.2.9 which has a fix for the resolver?

Aug 29 2018, 2:53 PM · Info Needed, gnupg (gpg22), Bug Report, Debian, Keyserver, dirmngr

Nov 19 2017

elonsatoshi added a comment to T2968: gpg --search: Connection closed in DNS.

You know... I think connman and DNS have something to do with this. Connman does some weird DNS thing. And it auto-generates /etc/resolv.conf to use localhost as the DNS server.

Nov 19 2017, 4:48 AM · Info Needed, gnupg (gpg22), Bug Report, Debian, Keyserver, dirmngr

Oct 24 2017

werner placed T2968: gpg --search: Connection closed in DNS up for grabs.
Oct 24 2017, 3:00 PM · Info Needed, gnupg (gpg22), Bug Report, Debian, Keyserver, dirmngr

Oct 20 2017

werner edited projects for T2968: gpg --search: Connection closed in DNS, added: gnupg (gpg22); removed gnupg (gpg21), gnupg.
Oct 20 2017, 1:48 PM · Info Needed, gnupg (gpg22), Bug Report, Debian, Keyserver, dirmngr

Sep 24 2017

kristianf added a watcher for Keyserver: kristianf.
Sep 24 2017, 6:46 PM
werner added a project to T3392: keyserver default should include pool onionbalance hkp://jirk5u4osbsr34t5.onion: Keyserver.
Sep 24 2017, 10:03 AM · Keyserver, Feature Request, dirmngr

Aug 27 2017

elonsatoshi added a comment to T2968: gpg --search: Connection closed in DNS.

Well, I'm able to reproduce this issue on Parabola. I was also get a different error when I turn off my vpn: `server indicated a failure```, but now I get the dns error again.

elonsatoshi@tyger ~> gpg -vvv --debug-level guru --search elonsatoshi@riseup.net
gpg: using character set 'utf-8'
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing ipc clock lookup extprog
gpg: DBG: [not enabled in the source] start
gpg: DBG: chan_3 <- # Home: /home/elonsatoshi/.gnupg
gpg: DBG: chan_3 <- # Config: [none]
gpg: DBG: chan_3 <- OK Dirmngr 2.1.23 at your service
gpg: DBG: connection to the dirmngr established
gpg: DBG: chan_3 -> GETINFO version
gpg: DBG: chan_3 <- D 2.1.23
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KEYSERVER --clear hkps://pgp.mit.edu/
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KS_SEARCH -- elonsatoshi@riseup.net
gpg: DBG: chan_3 <- ERR 167772876 Connection closed in DNS <Dirmngr>
gpg: error searching keyserver: Connection closed in DNS
gpg: keyserver search failed: Connection closed in DNS
gpg: DBG: chan_3 -> BYE
gpg: DBG: [not enabled in the source] stop
gpg: keydb: handles=0 locks=0 parse=0 get=0
gpg:        build=0 update=0 insert=0 delete=0
gpg:        reset=0 found=0 not=0 cache=0 not=0
gpg: kid_not_found_cache: count=0 peak=0 flushes=0
gpg: sig_cache: total=0 cached=0 good=0 bad=0
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
              outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: rndjent stat: collector=0x0000000000000000 calls=0 bytes=0
gpg: secmem usage: 0/32768 bytes in 0 blocks
elonsatoshi@tyger ~> sudo rc-service openvpn stop
[sudo] password for elonsatoshi: 
 * WARNING: openvpn is already stopped
elonsatoshi@tyger ~> pidof openvpn
elonsatoshi@tyger ~> gpg -vvv --debug-level guru --search elonsatoshi@riseup.net
gpg: using character set 'utf-8'
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing ipc clock lookup extprog
gpg: DBG: [not enabled in the source] start
gpg: DBG: chan_3 <- # Home: /home/elonsatoshi/.gnupg
gpg: DBG: chan_3 <- # Config: [none]
gpg: DBG: chan_3 <- OK Dirmngr 2.1.23 at your service
gpg: DBG: connection to the dirmngr established
gpg: DBG: chan_3 -> GETINFO version
gpg: DBG: chan_3 <- D 2.1.23
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KEYSERVER --clear hkps://pgp.mit.edu/
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KS_SEARCH -- elonsatoshi@riseup.net
gpg: DBG: chan_3 <- ERR 167772876 Connection closed in DNS <Dirmngr>
gpg: error searching keyserver: Connection closed in DNS
gpg: keyserver search failed: Connection closed in DNS
gpg: DBG: chan_3 -> BYE
gpg: DBG: [not enabled in the source] stop
gpg: keydb: handles=0 locks=0 parse=0 get=0
gpg:        build=0 update=0 insert=0 delete=0
gpg:        reset=0 found=0 not=0 cache=0 not=0
gpg: kid_not_found_cache: count=0 peak=0 flushes=0
gpg: sig_cache: total=0 cached=0 good=0 bad=0
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
              outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: rndjent stat: collector=0x0000000000000000 calls=0 bytes=0
gpg: secmem usage: 0/32768 bytes in 0 blocks
Aug 27 2017, 4:58 PM · Info Needed, gnupg (gpg22), Bug Report, Debian, Keyserver, dirmngr

Jun 23 2017

werner added a comment to T2968: gpg --search: Connection closed in DNS.

Any update on this?

Jun 23 2017, 5:11 PM · Info Needed, gnupg (gpg22), Bug Report, Debian, Keyserver, dirmngr

Mar 30 2017

admin created Keyserver.
Mar 30 2017, 6:42 PM

Mar 20 2017

werner updated subscribers of T2968: gpg --search: Connection closed in DNS.
Mar 20 2017, 2:55 PM · Info Needed, gnupg (gpg22), Bug Report, Debian, Keyserver, dirmngr
werner reassigned T2968: gpg --search: Connection closed in DNS from kardan to justus.
Mar 20 2017, 2:55 PM · Info Needed, gnupg (gpg22), Bug Report, Debian, Keyserver, dirmngr

Mar 16 2017

kardan added a comment to T2968: gpg --search: Connection closed in DNS.

I was able to reproduce it again. Maybe this bug depends on which keyserver in
the pool answers. The error is the same for Tor and non-Tor connections.

Mar 16 2017, 3:16 PM · Info Needed, gnupg (gpg22), Bug Report, Debian, Keyserver, dirmngr
kardan reopened T2968: gpg --search: Connection closed in DNS as "Open".
Mar 16 2017, 3:16 PM · Info Needed, gnupg (gpg22), Bug Report, Debian, Keyserver, dirmngr
kardan added a comment to T2968: gpg --search: Connection closed in DNS.

I don't know why, it is not repdroducible anymore.

Mar 16 2017, 7:27 AM · Info Needed, gnupg (gpg22), Bug Report, Debian, Keyserver, dirmngr
kardan closed T2968: gpg --search: Connection closed in DNS as Resolved.
Mar 16 2017, 7:27 AM · Info Needed, gnupg (gpg22), Bug Report, Debian, Keyserver, dirmngr