Bug 307963

Summary: HKPS, DNSSEC, SOCKS (in Windows) Supported Features
Product: [Applications] kleopatra
Component: general
Reporter: Bright Star <bry8star>
Assignee: kdepim bugs <kdepim-bugs>
CC: emanuel, mutz
Status: REPORTED ---
Severity: wishlist
Priority: NOR
Version: 2.1.0
Target Milestone: ---
Platform: Microsoft Windows
OS: Microsoft Windows
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Description Bright Star 2012-10-06 08:46:19 UTC
Hi, 
In Kleopatra, I'm going into main-menu > Settings > Configure Kleopatra > Directory Services > New.
Then I double-clicked on the (default shown) Server Name and changed that to:
hkps.pool.sks-keyservers.net
(The above is an HKPS-supported pool keyserver.)
Then when I double-click on the default scheme, the drop-down menu's down-arrow control appears; I clicked on the down arrow and I see the list of supported schemes.
But I don't see "hkps" inside that list.

Please add support for hkps, and hkps configuration related features. 

Example of a list of pools:
https://sks-keyservers.net/overview-of-pools.php 

I'm currently trying to do this on the following type of computer:
Kleopatra v2.1.0 ( KDE 4.1.4) (installed beta Gpg4win 2.1.1 Beta). 
Windows XP (SP3). 
Thunderbird (12.0.1). 
Enigmail. 
Unbound (my local 3rd party DNSSEC supported DNS-Resolver).
polipo (HTTP proxy server).
SOCKS4a, SOCKS5 based proxy servers ( https://en.wikipedia.org/wiki/SOCKS5 ).

I've tried to use the "hkps.pool.sks-keyservers.net" like this as well:
Scheme: https , Port: 443
Server: hkps.pool.sks-keyservers.net
But it did not work (when I tried) using the command line.
It did not work when I tried to use it via Enigmail in Thunderbird.
http://pastebin.com/vXZDGXgT 
Since I was also trying to use that pool keyserver by accessing it via an HTTP-PROXY server, this pastebin report will show that,
and it may have failed for another reason, like (maybe the Windows edition of gpg or gpg2 does not yet support HTTP-PROXY or SOCKS-proxy servers). I think I should create another ticket for supporting the use of http-proxy, socks5 proxy, etc. in gpg, gpg2. But one of the main reasons for using TLS-secured connections like HKPS is, when we/I use multiple proxies to reach the Internet, to make sure I'm connecting with the real keyserver and getting real data from that keyserver.
I have already read these:
http://lists.gnupg.org/pipermail/gnupg-devel/2012-September/026927.html
and also the other link provided inside that, at the torproject site.

I want to make sure my communication connection between the keyserver and my gpg-client is done relatively more securely and accurately (I'm not talking about which type of or what gpg-cert/keys/data can be "trusted" or not), when accessing the keyserver by going through multiple PROXIES (proxy servers).

Please add SOCKS5 or SOCKS4a using support & configuration GUI support.

If gpg, gpg2, etc. are able to use a local DNSSEC-supported result from a DNS-resolver or DNS-client (or have a small built-in DNSSEC-supported DNS-resolver that has the root-dns-key), and the keyserver's domain is also DNSSEC signed, then these components can allow obtaining very accurate & necessary DNSSEC-verified DNS-Records, and then that information & a TLS/SSL encrypted connection can be used to connect with the correct IP-address of the keyserver, and it will greatly help to make sure that we are NOT receiving some forged data or connecting with some MITM type of gateway or computer, even when connecting via multiple PROXY computers.

Please add DNSSEC support and DNSSEC related configuration GUI support. 

Thanks in advance, 
-- Bright Star.
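
The DNSSEC request above depends on the client being able to tell a validated answer from an unvalidated one. As an added illustration (not part of the original report, and not GnuPG or Kleopatra code), this example shows how a stub client could refuse any DNS response whose AD (Authenticated Data) flag is clear. It assumes the answer comes from a local validating resolver over a trusted path, such as the Unbound instance mentioned in the report; `keys.example` and `192.0.2.10` are constructed placeholder values.

```python
import struct

QR, TC, AD = 0x8000, 0x0200, 0x0020   # DNS header flag bits; AD = Authenticated Data

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        if length == 0:             # root label ends the name
            return off + 1
        off += 1 + length

def validated_a_records(msg):
    """Return the IPv4 addresses in a DNS response, failing closed unless the
    resolver marked the answer as DNSSEC-validated (AD=1)."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & QR:
        raise ValueError("not a response")
    if flags & 0x000F:
        raise ValueError("resolver returned RCODE %d" % (flags & 0x000F))
    if flags & TC:
        raise ValueError("truncated response")
    if not flags & AD:
        raise ValueError("AD flag clear: answer was not DNSSEC-validated")
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4            # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if (rtype, rclass, rdlen) == (1, 1, 4):  # A record, class IN
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return addrs

def sample_response(validated):
    """Constructed response for the placeholder name keys.example (A 192.0.2.10)."""
    flags = 0x8180 | (AD if validated else 0)    # QR + RD + RA, optionally AD
    header = struct.pack("!6H", 0x1234, flags, 1, 1, 0, 0)
    question = b"\x04keys\x07example\x00" + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
    return header + question + answer

if __name__ == "__main__":
    print(validated_a_records(sample_response(True)))
```

The AD flag only carries weight when the hop between client and resolver cannot be tampered with, which is why the resolver is assumed to run on the same machine.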
Comment 1 Emanuel Schütze 2013-05-08 15:01:43 UTC
Marked your report as wish. Needs more discussion.