use-tor should not imply allow-version-check

Steven Allen steven at stebalien.com
Tue Jan 3 23:27:34 CET 2017


Werner Koch <wk at gnupg.org> writes:
> It is the other way around: GnuPG does update its copy of the software
> version database by default.  However, for privacy reason it can do this
> only if that does not leak the IP address.  With Tor this is asserted.
> Without Tor this is not possible and, like we have always done for
> features (e.g. OCSP), the user is required to enable an option.

Given that `use-tor` is off by default (most users don't even have tor
installed), you can't say GnuPG updates the software version database by
default. It does so iff `use-tor' or `allow-version-check' are enabled.
Given that the user has to explicitly enable `use-tor', I see no
advantage to automatically enabling `allow-version-check' with tor
enabled. Anyways, I'd be very surprised if there are *any* users with
`use-tor` enabled that don't update gnupg through a package manager.

Also, does gnupg even use this information? As far as I can tell, this
feature isn't used internally so can't this information be fetched (and
cached) when requested (when something calls `gpgconf --query-swdb')?

Finally, gnupg is now the *only* software on my system that doesn't
allow me to disable automatic update checks and the only daemon that
even supports automatic update checks.

> I can't replicate that.  I tested with "use-tor" and Tor running and Tor
> not running.  All worked as expected: I can see traffic to
> versions.gnupg.org ("tcpick -i eth0 -C -yP -h 'host 217.69.76.56'") only
> when use-tor is not active.  I have not tested with running the
> TorBrowser only, though.


Tomoyo logs (my UID is 1000):

    #2017/01/03 19:54:45# profile=3 mode=enforcing granted=no (global-pid=2051) task={ pid=1360 ppid=389 uid=1000 gid=100 euid=1000 egid=100 suid=1000 sgid=100 fsuid=1000 fsgid=100 }
    <kernel> /usr/bin/dirmngr
    network inet dgram send 217.69.76.56 443
    
    #2017/01/03 19:54:45# profile=3 mode=enforcing granted=no (global-pid=2051) task={ pid=1360 ppid=389 uid=1000 gid=100 euid=1000 egid=100 suid=1000 sgid=100 fsuid=1000 fsgid=100 }
    <kernel> /usr/bin/dirmngr
    network inet dgram send 2001:aa8:fff1:2100::56 443
    
    #2017/01/03 19:54:46# profile=3 mode=enforcing granted=no (global-pid=2051) task={ pid=1360 ppid=389 uid=1000 gid=100 euid=1000 egid=100 suid=1000 sgid=100 fsuid=1000 fsgid=100 }
    <kernel> /usr/bin/dirmngr
    network inet dgram send 217.69.76.56 443
    
    #2017/01/03 19:54:46# profile=3 mode=enforcing granted=no (global-pid=2051) task={ pid=1360 ppid=389 uid=1000 gid=100 euid=1000 egid=100 suid=1000 sgid=100 fsuid=1000 fsgid=100 }
    <kernel> /usr/bin/dirmngr
    network inet dgram send 2001:aa8:fff1:2100::56 443

dirmngr.conf:

    use-tor
    keyserver hkp://jirk5u4osbsr34t5.onion

gpg-agent.conf:

    pinentry-program /usr/bin/pinentry-gnome3
    no-allow-loopback-pinentry
    no-allow-mark-trusted
    enable-ssh-support
    no-allow-external-cache

gpg.conf:

    # Started by systemd
    no-autostart
    use-agent
    utf8-strings
    trust-model tofu
    auto-key-locate local
    # Just in case?
    keyserver hkp://jirk5u4osbsr34t5.onion
    keyserver-options auto-key-retrieve
    default-key 5899410C

FYI, this isn't related to the TorBrowser. I've installed both tor and
gnupg through my package manager (Arch Linux, gnupg version 2.1.17).

> However, while testing I noticed that when you add "use-tor" to
> dirmngr.conf and SIGHUP dirmngr (e.g. "gpgconf --reload dirmngr"), Tor
> is indeed not used for DNS.  This has been fixed today.

This obviously isn't a DNS request.
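As an added example (not part of this thread or of GnuPG), here is a small Python check that parses TOMOYO audit entries like the ones above and flags dirmngr network accesses that cannot have gone through Tor. The sample log is constructed in the shape of the entries in the post, with an invented third entry for a stream connect to a local SOCKS port; the assumption that Tor's SOCKS listener lives on loopback is mine.

```python
import re
from collections import namedtuple
from ipaddress import ip_address

# Constructed sample in the shape of the TOMOYO audit entries in the post;
# the third block (a stream connect to a local Tor SOCKS port) is invented.
SAMPLE_LOG = """\
#2017/01/03 19:54:45# profile=3 mode=enforcing granted=no (global-pid=2051) task={ pid=1360 ppid=389 uid=1000 gid=100 euid=1000 egid=100 suid=1000 sgid=100 fsuid=1000 fsgid=100 }
<kernel> /usr/bin/dirmngr
network inet dgram send 217.69.76.56 443

#2017/01/03 19:54:45# profile=3 mode=enforcing granted=no (global-pid=2051) task={ pid=1360 ppid=389 uid=1000 gid=100 euid=1000 egid=100 suid=1000 sgid=100 fsuid=1000 fsgid=100 }
<kernel> /usr/bin/dirmngr
network inet dgram send 2001:aa8:fff1:2100::56 443

#2017/01/03 19:54:50# profile=3 mode=enforcing granted=yes (global-pid=2052) task={ pid=1360 ppid=389 uid=1000 gid=100 euid=1000 egid=100 suid=1000 sgid=100 fsuid=1000 fsgid=100 }
<kernel> /usr/bin/dirmngr
network inet stream connect 127.0.0.1 9050
"""

HEADER = re.compile(r"^#(?P<ts>[^#]+)# .*?granted=(?P<granted>\w+) .*?"
                    r"task=\{ pid=(?P<pid>\d+) .*?\buid=(?P<uid>\d+)")
ACCESS = re.compile(r"^network inet (?P<stype>\w+) (?P<op>\w+) (?P<addr>\S+) (?P<port>\d+)$")
NetAccess = namedtuple("NetAccess", "ts granted pid uid exe stype op addr port")


def parse_tomoyo(text):
    """Parse TOMOYO network entries: header, '<kernel> exe', access line."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines()]
        h = HEADER.match(lines[0]) if len(lines) >= 3 else None
        a = ACCESS.match(lines[2]) if h else None
        if not a:
            continue  # not a network-access entry, skip it
        records.append(NetAccess(h["ts"], h["granted"] == "yes", int(h["pid"]),
                                 int(h["uid"]), lines[1].split(" ", 1)[1],
                                 a["stype"], a["op"], a["addr"], int(a["port"])))
    return records


def off_tor_egress(records, exe="/usr/bin/dirmngr"):
    """Entries where exe reached a non-loopback peer directly. Assumes Tor's
    SOCKS port is on loopback; Tor carries TCP streams only, so a datagram
    (or a stream connect) sent straight to a remote host bypassed it."""
    return [r for r in records
            if r.exe == exe and not ip_address(r.addr).is_loopback]
```

The check reports the attempt whether or not TOMOYO denied it (`granted=no` above means the MAC policy blocked the packet), which is what you want when auditing whether `use-tor` is being honoured.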