[Pkg-gnupg-maint] Bug#519333: gnupg: Please include support for encrypted keyserver queries [PATCH]
David Shaw
dshaw at jabberwocky.com
Thu Mar 12 17:22:50 UTC 2009

On Thu, Mar 12, 2009 at 01:17:08PM -0400, Daniel Kahn Gillmor wrote:
> On 03/12/2009 12:33 AM, David Shaw wrote:
>
> > As the author of that patch, let me request that you - please - don't
> > adopt it just yet. To be sure, the feature is coming, but the exact
> > semantics are not yet set in stone. Adopting the feature before it is
> > finished and released ties the hands of those working on it, as it would
> > be much harder to make changes to the design.
>
> David, thanks for the quick feedback here (and for authoring the patch
> in the first place!) I understand why you wouldn't want your hands tied
> for something that may change, and respect that. Can i contribute to
> sorting out the target semantics somehow?

Please do!

> What part of the semantics
> are you concerned may change? As far as i can tell, the user-facing
> bits of the change are:
>
> * keyservers providing secured HKP are expected to run TLS-wrapped HKP
> by default on port 11372 (the hkp port + 1). of course, running on
> alternate ports is not forbidden.

Yes. I'm not 100% ready to discard TLS over 11371 quite yet, though.
TLS upgrade gives a lot of nice semantics that SSL over 11372 doesn't
have. I need to test what is possible here.

> * if a user prefixes their keyserver location with hkps:// , and gpg is
> built with libcurl, gpg will wrap its connections to the keyserver
> in TLS (using 11372 by default instead of 11371), and will verify the
> remote machine's identity before performing keyserver access.

Currently that is what the patch does. It might be nice to also
support client-side certificates. Remember that gpg2 does X.509
natively, so we certainly have access to the certs to identify
ourselves with.

Are you on gnupg-devel? I've started a thread there so the GPG
community can talk about this.

David
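
The hkps:// behaviour discussed in this message, as an added Python example that is not part of the original e-mail or of the GnuPG patch: the scheme selects TLS and the default port (11371 for hkp, 11372 for hkps, as stated in the thread), and the server's identity is verified before any keyserver traffic is sent. The function names and the host `keys.example.org` used in testing are assumptions made for illustration.

```python
import socket
import ssl
from urllib.parse import urlsplit

# Default ports as given in the thread: HKP on 11371, TLS-wrapped HKP on 11372.
DEFAULT_PORTS = {"hkp": 11371, "hkps": 11372}


def resolve_keyserver(uri):
    """Return (host, port, use_tls) for an hkp:// or hkps:// keyserver URI.

    The scheme alone decides whether TLS is used; an explicit port only
    overrides where to connect, so hkp://host:11372 stays plaintext.
    """
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported keyserver scheme: {parts.scheme!r}")
    if not parts.hostname:
        raise ValueError("keyserver URI has no host")
    port = parts.port or DEFAULT_PORTS[scheme]
    return parts.hostname, port, scheme == "hkps"


def hkps_context(client_cert=None, client_key=None):
    """TLS context that verifies the keyserver's certificate and host name."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    if client_cert:
        # Optional client-side certificate, the extension raised in the thread.
        ctx.load_cert_chain(client_cert, client_key)
    return ctx


def connect_keyserver(uri, timeout=10.0):
    """Open a socket to the keyserver, TLS-wrapped before any HKP traffic."""
    host, port, use_tls = resolve_keyserver(uri)
    sock = socket.create_connection((host, port), timeout=timeout)
    if not use_tls:
        return sock
    try:
        # The handshake fails here if the certificate does not match `host`.
        return hkps_context().wrap_socket(sock, server_hostname=host)
    except Exception:
        sock.close()
        raise
```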