On Mar 11, 2009, at 6:11 PM, Micah Anderson <mi...@debian.org> wrote:
Package: gnupg
Version: 1.4.9-5
Severity: wishlist
Tags: patch

Hello,

There is a move towards providing keyserver queries over an encrypted transport for the purposes of stopping the leakage of key query information that could be used for transactional surveillance purposes. There are keyservers now in the global pool that are set up to provide encrypted transport, with more on their way.

The SKS keyserver developers are actively discussing how to add TLS wrapped keyserver queries natively in the keyserver code[0]. Until then people are setting up front-end SSL proxies, using things like nginx. In fact, along with some other folks, I am running one which supports this in the SKS pool[1] zimmerman.mayfirst.org.

The gnupg developers have introduced a patch to the upstream stable branch of gnupg 1.4[2] which provides a simple mechanism for performing secure hkps queries to keyservers, and according to the original author, this will be in gpg2 in the next round of patch integration[3]. The PGP developers are also implementing this in their code. Also, the IETF seem to have also come to a similar position recently[4].

It would be very much appreciated if Debian adopted the attached patch so more people could have convenient access to this feature. When upstream's STABLE-1.4 branch is released, then it could be simply dropped. I've built and tested this and it works flawlessly, it's a relatively small patch and upstream has already adopted it, so it seems like a win all around.

As the author of that patch, let me request that you - please - don't adopt it just yet. To be sure, the feature is coming, but the exact semantics are not yet set in stone. Adopting the feature before it is finished and released ties the hands of those working on it, as it would be much harder to make changes to the design.

David