307963 – HKPS, DNSSEC, SOCKS (in Windows) Supported Features

Bug 307963 - HKPS, DNSSEC, SOCKS (in Windows) Supported Features

Summary: HKPS, DNSSEC, SOCKS (in Windows) Supported Features

Status:	REPORTED

Alias:	None

Product:	kleopatra
Classification:	Applications
Component:	general (show other bugs)
Version:	2.1.0
Platform:	Microsoft Windows Microsoft Windows

Importance:	NOR wishlist
Target Milestone:	---
Assignee:	kdepim bugs

URL:
Keywords:

Depends on:
Blocks:

Reported:	2012-10-06 08:46 UTC by Bright Star
Modified:	2013-05-08 15:01 UTC (History)
CC List:	2 users (show)

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Bright Star 2012-10-06 08:46:19 UTC

Hi,
in Kleopatra, i'm going into main-menu > Settings > Configure Kleopatra > Directory Services > New.
Then double-clicked on the (default shown) Server Name, changed that to:
hkps.pool.sks-keyservers.net
(the above is a HKPS supported pool keyserver.)
then when i double click on default scheme, drop-down menu's control down-arrow appears, i clicked on down arrow, i see list of supported scheme.
but i dont see "hkps" inside that list.

Please add support for hkps, and hkps configuration related features.

Example of a List of pool:
https://sks-keyservers.net/overview-of-pools.php

I'm currently trying to do this on a below type of computer:
Kleopatra v2.1.0 ( KDE 4.1.4) (installed beta Gpg4win 2.1.1 Beta).
Windows XP (SP3).
Thunderbird (12.0.1).
Enigmail.
Unbound (my local 3rd party DNSSEC supported DNS-Resolver).
polipo (HTTP proxy server).
SOCKS4a, SOCKS5 based proxy servers ( https://en.wikipedia.org/wiki/SOCKS5 ).

I've tried to use the "hkps.pool.sks-keyservers.net" like this as well :
Scheme: https , Port: 443
Server: hkps.pool.sks-keyservers.net
But did not work, (when i tried) using commandline.
Did not work when tried to use via Enigmail in Thinderbird.
http://pastebin.com/vXZDGXgT
Since i was also trying to use that pool keyserver by accessing it via a HTTP-PROXY server, so this pastebin report will show that,
and may have failed for other reason, like (may be windows edition of gpg or gpg2 does not yet support HTTP-PROXY or socks-proxy server. i think i should create another ticket for supporting of using http-proxy, socks5 proxy, etc in gpg, gpg2. but one of the main reason of using TLS secured connections like HKPS, is to when we/i use multiple proxies to reach Internet, and to make sure i'm connecting with the real keyserver and getting real data from that keyserver.
i have already read these:
http://lists.gnupg.org/pipermail/gnupg-devel/2012-September/026927.html
and also the other link provided inside that, at torproject site.

Want to make sure, my communication connection in between keyserver and my gpg-client, is done relatively more securely and accurately, (i'm not talking about which type of or what gpg-cert/keys/data can be "trusted" or not), when accessing keyserver by going through multiple PROXIES (proxy servers).

Please add SOCKS5 or SOCKS4a using support & configuration GUI support.

If gpg , gpg2, etc are able to use local DNSSEC supported result from DNS-resolver or DNS-client (or has a builtin small dnssec-supported dns-resovler and it has the root-dns-key), and keyserver's domain is also DNSSEC signed, then these components can allow to obtain very accurate & necessary DNSSEC verified DNS-Records, and then those information & TLS/SSL encrypted connection can be used, to connect with the correct IP-address of keyserver, and it will greatly help to make sure that we are NOT receiving some forged data or connecting with some MITM type of gateway or computer., even when connecting via multiple PROXY computers.

Please add DNSSEC support and DNSSEC related configuration GUI support.

Thanks in advance,
-- Bright Star.

Comment 1 Emanuel Schütze 2013-05-08 15:01:43 UTC

marked your report as wish. Needs more discussion.