[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] IPv6 and GPG
From: |
Phil Pennock |
Subject: |
Re: [Sks-devel] IPv6 and GPG |
Date: |
Mon, 9 Mar 2009 14:49:52 -0700 |
On 2009-03-09 at 09:19 -0400, David Shaw wrote:
> What with the recent discussion of IPv6, I'm curious if anyone has
> tested GPG against it for key retrieval and submission. It should
> "just work" with the curl backend, but when GPG is built on a system
> without curl, an internal HTTP handler is used instead. I believe
> this handler code should work fine as written, but I don't believe the
> IPv6 piece of it has been tested extensively. If someone could give
> it a whirl, I'd appreciate it. To force the use of the internal HTTP
> handler even when you do have curl installed, you can build GPG with
> "configure --without-libcurl".
Yes; using gpg was my test case that I had the HKP port stuff working.
I even mentioned this, but it'll be buried deep in a long post. The
keyserver is open for public querying, so anyone can test against it.
Demos of gpg with curl working are below. Yes, it just works. :)
I don't have time right now to rebuild gpg; I use FreeBSD Ports builds
though and the options files record that I'm using curl (although ldd
doesn't report it (static linkage of that lib?) and an objdump of the
dynamic strings doesn't list anything matching Curl*). As a feature
suggestion, it would be nice if gpg --version reported the optional
libraries it's linked against (not just libgcrypt).
Another idea is that on a line like:
gpg: requesting key 0x99242560 from hkp server sks.spodhuis.org
you could follow the hostname with the IP address tried.
$ gpg --keyserver 'hkp://[2001:980:fff:31::10]' --recv-key $keyid
% gpg --keyserver 'hkp://[2001:980:fff:31::10]' --recv-key 0x99242560
gpg: requesting key 0x99242560 from hkp server [2001:980:fff:31::10]
gpg: key 0x99242560: "David M. Shaw <address@hidden>" 1 new signature
gpg: Total number processed: 1
gpg: new signatures: 1
% gpg --version
gpg (GnuPG) 1.4.9
[...]
% gpg2 --keyserver 'hkp://[2001:980:fff:31::10]' --recv-key 0x99242560
gpg: WARNING: This version has been built with support for the Camellia cipher.
gpg: It is for testing only and is NOT for production use!
gpg: requesting key 0x99242560 from hkp server [2001:980:fff:31::10]
gpg: key 0x99242560: "David M. Shaw <address@hidden>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
% gpg2 --version
gpg (GnuPG) 2.0.11
libgcrypt 1.4.4
[...]
Regards,
-Phil
PS: IPv6 renumbering within the next month, so if you're reading this
late and the above IPv6 address fails, look up sks.spodhuis.org and
grab the IPv6 address from that.
pgpNszEAksyUs.pgp
Description: PGP signature