[pkg-gnupg-maint] Bug#800894: Bug#800894: please add support for reaching out to keyservers through Tor
intrigeri
intrigeri at debian.org
Tue Dec 29 09:50:02 UTC 2015
Hi Werner and others,
Werner Koch wrote (29 Dec 2015 08:10:26 GMT) :
> On Mon, 28 Dec 2015 15:53, intrigeri at debian.org said:
>> dirmngr(8) isn't very clear if DNS leaks are supposed to happen,
>> though: the paragraph about --use-tor suggests they will, while the
> Nope. If --use-tor (or well, "use-tor" in dirmngr.conf) is used there
> should be no leaks at all. If GnuPG is not built against a Tor aware
> resolver (i.e. the patched ADNS) all attempts to access the DNS will
> fail. grep for opt.use_tor in dirmngr/ to see where we check
> for this.
Thanks for clarifying!
>> one about --nameserver suggests they won't. I didn't check what
>> happened in practice, and then I won't dare closing this bug report.
> Any suggestion how to improve the wording?
What I see in dirmngr(8), current Debian unstable version (2.1.10-3), is:
    --use-tor
        This option switches Dirmngr and thus GnuPG into ``Tor mode'' to route
        all network access via Tor (an anonymity network). WARNING: As of now
        this still leaks the DNS queries; e.g. to lookup the hosts in a
        keyserver pool. Certain other features are disabled if this mode is
        active.
Given your clarification above, I would remove the warning sentence
about DNS leaks.
Cheers!
--
intrigeri