dns cert support
David Shaw
dshaw at jabberwocky.com
Wed Apr 5 14:42:20 CEST 2006
On Wed, Apr 05, 2006 at 12:30:42PM +0200, Peter Palfrader wrote:
> I notice that if I have both, a IPGP and a PGP CERT RR that GnuPG fails
> to import the key some of the time:
[..]
> } ;; ANSWER SECTION:
> } peter.palfrader.org. 43200 IN CERT 6 0 0 FFsAyW1dVK7hIGuvhN56r26UwJx/
> } peter.palfrader.org. 43200 IN CERT PGP 0 0 mQGiBDgp0YcRBACN9s8EycXRsu9ym3Sjou1N.....
>
> Is having them both not supported or is there a bug somewhere?
At the moment, GnuPG will take whichever it sees first (the PGP or the
IPGP, but not both). So given round robining, if you have both, it
will seem to flip back and forth between the two. I'm thinking about
having GPG favor one or the other in these cases (probably PGP since
if it has already fetched the whole key, it may as well import it
rather than go to a web page or keyserver somewhere).
The reason it is not fetching from the IPGP record you have there is
there is only a fingerprint, and you must have a --keyserver defined
for it to fetch the fingerprint from in that case. Do you have a
--keyserver defined?
David
More information about the Gnupg-users
mailing list