Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Check that GPG keys actually exist on a public keyserver #30

Open
wants to merge 4 commits into
base: master
Choose a base branch
from

Conversation

thefinn93
Copy link
Contributor

Currently checks pgp.mit.edu and keys.gnupg.net, but that's easily changable at the top of the tests.

@ghost
Copy link

ghost commented Jan 2, 2016

It would be nice if it could use HKPS. (E.g. use hkps.pool.sks-keyservers.net)

@thefinn93
Copy link
Contributor Author

It's not even signed by a trusted CA? c'mon

@rugk
Copy link

rugk commented Jan 3, 2016

They use their own (SKS-Keyservers-)CA:

This pool only include servers that have been certified by the sks-keyservers.net CA, of which the certificate can be found at https://sks-keyservers.net/sks-keyservers.netCA.pem [OpenPGP signature] [CRL].

@rugk
Copy link

rugk commented Jan 3, 2016

And if you download this cert over HTTPS you may have the protection level of a CA-system.

And in any way it is better than plain-text queries.

@thefinn93
Copy link
Contributor Author

Fair enough, at this point (for reasons unclear to me) plain-text queries are failing. I'd love to get TLS'd queries working, or any queries working

@thefinn93
Copy link
Contributor Author

I should note that it works fine from my laptop, only intermittently from travis

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants