[Enigmail] honor-keyserver-url doesn't appear to work
John Clizbe
John at Mozilla-Enigmail.org
Sat Jun 14 00:55:34 PDT 2008
Troy wrote:
> John Clizbe wrote:
>> Troy wrote:
>>> I seem to have run into a problem with --honor-keyserver-url
>
>> Yeah, looks like either a CKBI* problem or maybe an issue in GnuPG. Try
>> including it in gpg.conf along with any other keyserver-options.
>
> This was my gpg.conf file prior to using Mepis (linux) and the current
> gpg.conf.
> comment http://www.babylonfarms.com/secure/0xF8180E9E_pub.asc
> default-key F8180E9E
> default-recipient-self
> keyserver-options auto-key-retrieve honor-keyserver-url import-clean
> export-clean
> enable-dsa2
> default-preference-list s9 s8 s7 s4 s3 s2 s10 h8 h11 h10 h9 h3 z2 z1
> personal-cipher-preferences s9 s8 s7 s4 s3 s2 s10
> personal-digest-preferences h8 h11 h10 h9 h3
> personal-compress-preferences z2 z1
> ask-cert-level
> no-greeting
> no-mdc-warning
> trust-model pgp
> expert
> verbose
> this is the only new entry:
> keyserver hkp://wwwkeys.eu.pgp.net
>
>> It ain't automagic according to the man page:
>
> agreed, however Enigmail is overriding the gpg.conf with/without the
> new entry with pool.sks-keyservers.net according to the output.
Enigmail has *zero* knowledge of what you have in gpg.conf. gpg is the only
program that loads it *after* Enigmail passes the command to execute.

If you wish Enigmail to use a particular server, you will need to change the
setting in Enigmail's preferences.

gpg.conf can be used to fine-tune Enigmail's behavior, but Enigmail will behave
as if the file does not exist and pass whatever options it needs to gpg on the
command line.

The fact that your settings in gpg.conf are reflected in gpg's output leads me
to think there may be an issue with the file itself.
>> BTW, this is really a GnuPG config issue not an Enigmail issue. If you think
>> GnuPG's behavior is broken, post to GnuPG-Users or GnuPG-Dev.
>
> I would have thought so too, had it not worked using the CLI.
> If the added gpg.conf information still supports your direction I will
> gladly do that.
Verify that Enigmail and you agree on the home directory - Enigmail's console
starts with the output of 'gpg --version'. If the home directory is the same for
both Enigmail and a console session, you have a bug either in GnuPG or your
particular build. As I said, my Linux version (Slackware 12.1) didn't honor the
preferred keyserver option until the option was set in gpg.conf.
>> FWIW, you should probably also update the keyservers as there is no guarantee
>> you can force others to obey this preference. I tend to turn it off since I have
>> a keyserver on my local LAN.
>
> Yes, I should probably give up the server begets spam mentality but old
> habits are hard to break, plus the key started getting loaded down with
> pgp sigs from when I used their keyserver as well :)
From my tests, the amount of SPAM traceable to an address on a key varies little
from that resulting from random noise. I get far much more SPAM on any address I
use on a mailing list.

Not using the keyservers to avoid SPAM is simply Security By Obscurity, and it's
/that/ effective also.
--
John P. Clizbe Inet: John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A
"what's the key to success?" / "two words: good decisions."
"what's the key to good decisions?" / "one word: experience."
"how do i get experience?" / "two words: bad decisions."
"Just how do the residents of Haiku, Hawai'i hold conversations?"
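
The home-directory check described in the message above can be scripted: compare the "Home:" line of 'gpg --version' as captured from Enigmail's console and from a terminal, then see whether that home's gpg.conf actually enables honor-keyserver-url. This is an added example, not part of the original message; the function names, capture file names and sample contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). All sample data below is constructed.

# Print the directory named on the "Home:" line of `gpg --version` output
# read from stdin, expanding a leading "~" to $HOME.
gpg_home() {
    home=$(sed -n 's/^Home:[[:space:]]*//p' | head -n 1)
    case "$home" in
        "~"*) printf '%s\n' "$HOME${home#?}" ;;
        *)    printf '%s\n' "$home" ;;
    esac
}

# Succeed only if two captured `gpg --version` outputs (files $1 and $2)
# report the same, non-empty home directory.
same_home() {
    a=$(gpg_home < "$1"); b=$(gpg_home < "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Print "yes" if gpg.conf under home directory $1 lists option $2 on an
# active (uncommented) keyserver-options line, otherwise "no".
has_keyserver_option() {
    conf="$1/gpg.conf"
    [ -r "$conf" ] || { echo no; return; }
    if grep -E '^[[:space:]]*keyserver-options[[:space:]]' "$conf" |
        tr -s ' ,\t' '\n\n\n' | grep -qx -- "$2"; then echo yes; else echo no; fi
}

# --- constructed sample input: two captures and a gpg.conf in a temp dir ---
demo=$(mktemp -d)
HOME="$demo"                      # demo only: make "~" resolve inside $demo
mkdir -p "$HOME/.gnupg"
printf 'gpg (GnuPG) x.y.z\nHome: ~/.gnupg\n' > "$demo/terminal.txt"
printf 'gpg (GnuPG) x.y.z\nHome: %s/.gnupg\n' "$demo" > "$demo/enigmail.txt"
printf '%s\n' '# keyserver-options honor-keyserver-url' \
    'keyserver-options auto-key-retrieve import-clean' > "$HOME/.gnupg/gpg.conf"

if same_home "$demo/terminal.txt" "$demo/enigmail.txt"; then
    echo "same home: $(gpg_home < "$demo/terminal.txt")"
else
    echo "different homes: each context reads its own gpg.conf"
fi
echo "honor-keyserver-url active: $(has_keyserver_option "$HOME/.gnupg" honor-keyserver-url)"
```

In the constructed sample the two homes match but the option is only present on a commented-out line, so the script reports it as inactive.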