[Sks-devel] pool.sks-keyservers.net issues
Niels Laukens
niels at dest-unreach.be
Thu Feb 28 09:12:50 CET 2013
Thanks Phil for the very clear summary of the problem!
On 2013-02-28 00:50, Phil Pennock wrote:
> The best fix is to use gpg with a real cURL library.
I'm currently using a downloaded binary from gpgtools.org. I don't see
libcurl in the list of shared objects used by the binary (otool -L,
Mac's equivalent to ldd), so I assume gpg was build without libcurl
support and I need to build a gpg2 myself. Am I correct?
> So:
> (1) there's a corner-case interaction of TCP/HTTP and half-closes
> (2) there's a build work-around for end-sites of the client software
> (3) there's a code change for the client software that avoids the issue
> (4) we're working on server configuration fixes to avoid the issue too
>
> (4) is the only thing that will help currently deployed software bases.
> (3) is the only thing that will keep the issue reliably fixed going
> forward.
> (2) means people encountering it can work around it now.
> (1) sucks, because I for one like the signalling done and the model used
> in TCP and used by the GnuPG developers. It's very clear, "we're
> not going to send anything else". Unfortunately, it's causing
> real-world interoperability issues. :-(
I agree with your sentiment on (1). TCP clearly states that this is the
expected behavior (quote from RFC793 section 3.5):
> CLOSE is an operation meaning "I have no more data to send." The
> notion of closing a full-duplex connection is subject to ambiguous
> interpretation, of course, since it may not be obvious how to treat
> the receiving side of the connection. We have chosen to treat CLOSE
> in a simplex fashion. The user who CLOSEs may continue to RECEIVE
> until he is told that the other side has CLOSED also. Thus, a program
> could initiate several SENDs followed by a CLOSE, and then continue to
> RECEIVE until signaled that a RECEIVE failed because the other side
> has CLOSED.
(2) does require a recompile of the binary. I don't mind compiling from
source, but I think a lot of users won't go further than downloading
binaries.
(3) will solve thing in the future. Is someone already working on a
patch? Since my options are (a) live with the problem or (b) compile a
fixed version, I can just as well patch and compile the curl-shim-part.
(4) is obviously the best solution from a user perspective, and combined
with my (and Phil's) view on (1), also the "right" solution.
Niels
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 906 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20130228/6b798f8a/attachment.pgp>
More information about the Gnupg-users
mailing list