use-tor should not imply allow-version-check

Werner Koch wk at gnupg.org
Tue Jan 3 13:28:01 CET 2017


On Mon,  2 Jan 2017 18:48, steven at stebalien.com said:

> That doesn't really explain why enabling tor *should* imply update
> checks. I use a GNU/Linux distribution so I get all my updates through

It is the other way around: GnuPG does update its copy of the software
version database by default.  However, for privacy reason it can do this
only if that does not leak the IP address.  With Tor this is asserted.
Without Tor this is not possible and, like we have always done for
features (e.g. OCSP), the user is required to enable an option.

> Maybe it's not the update check? Dirmngr has been periodically opening
> a direct TCP connection to 217.69.76.56 on port 443 even when `use-tor`

I can't replicate that.  I tested with "use-tor" and Tor running and Tor
not running.  All worked as expected: I can see traffic to
versions.gnupg.org ("tcpick -i eth0 -C -yP -h 'host 217.69.76.56'") only
when use-tor is not active.  I have not tested with running the
TorBrowser only, though.

Note that versions.gnupg.org is currently a CNAME to git.gnupg.org.

However, while testing I noticed that when you add "use-tor" to
dirmngr.conf and SIGHUP dirmngr (e.g. "gpgconf --reload dirmngr"), Tor
is indeed not used for DNS.  This has been fixed today.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
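An added example, not code from this thread or from GnuPG: a small POSIX shell check that reads a dirmngr.conf and applies the rule Werner describes (the version-database check goes over Tor by default, and without Tor it only runs when the user has explicitly enabled it), reporting whether the check would reach versions.gnupg.org over Tor, directly (exposing the client's IP address), or not at all. The option names use-tor, no-use-tor and allow-version-check are real dirmngr options; the sample config and the three result labels are this script's own.

```shell
#!/bin/sh
# Classify how dirmngr would perform its version-database check for a given
# dirmngr.conf.  Comments ("# ...") are stripped, each line is trimmed, and
# later options override earlier ones (so "no-use-tor" after "use-tor" wins).
#
# Prints one of:
#   tor    - use-tor is active: the check runs, with DNS and TCP over Tor
#   direct - allow-version-check without use-tor: the check runs over the
#            clear net, so versions.gnupg.org sees the client's IP address
#   off    - neither: dirmngr does not contact versions.gnupg.org
version_check_mode() {
    sed 's/#.*//' "$1" | awk '
        { gsub(/^[ \t]+|[ \t]+$/, "") }
        $0 == "use-tor"             { tor = 1 }
        $0 == "no-use-tor"          { tor = 0 }
        $0 == "allow-version-check" { allow = 1 }
        END {
            if (tor)        print "tor"
            else if (allow) print "direct"
            else            print "off"
        }'
}

# Constructed sample dirmngr.conf (not a real user's file) for a stand-alone
# run: the version check is allowed but use-tor was commented out, so the
# check would go out in the clear.
SAMPLE_CONF="${TMPDIR:-/tmp}/dirmngr.conf.example.$$"
cat > "$SAMPLE_CONF" <<'EOF'
# constructed example configuration
allow-version-check
#use-tor
keyserver hkps://keys.example.invalid
EOF

echo "sample config: $(version_check_mode "$SAMPLE_CONF")"   # prints "direct"
rm -f "$SAMPLE_CONF"
```

Run it against "$HOME/.gnupg/dirmngr.conf" to see which mode a real installation is in; "direct" is the case the thread is about, where the check works but leaks the address.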