Commit 8cc30423 authored by T(A)ILS developers

Design draft: update wrt. FireGPG.

parent 3b265735
FireGPG does not support `hkps://`.
- If `extensions.firegpg.keyserver` is set to `keys.indymedia.org`,
which is currently the case in T(A)ILS, FireGPG invokes gpg with the
`--keyserver keys.indymedia.org` option that prevents the use of
`hkps://`
- If `extensions.firegpg.keyserver` is not set, the default FireGPG
keyserver (`pool.sks-keyservers.net`) is used.
- If `extensions.firegpg.keyserver` is set to
`hkps://keys.indymedia.org`, it does not pass FireGPG preferences
validation and the default FireGPG keyserver is used.
- If `extensions.firegpg.keyserver` is set to an empty string, the
default FireGPG keyserver is used.
We now should patch FireGPG to validate this setting in a less
restrictive way.
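Review bot: the closing sentence, "We now should patch FireGPG to validate this setting in a less restrictive way", does not say which values the validation should accept and links to no todo item, so a later fix cannot be checked against this description. Name the accepted form, for example a keyserver value carrying the `hkps://` scheme, which the third bullet says is rejected today. The second, third and fourth bullets all end in a silent fallback to `pool.sks-keyservers.net`; the text should say outright that a rejected or empty setting changes which keyserver receives the queries, since a user who set `keys.indymedia.org` would not expect that. The first bullet is also missing its final period.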
......@@ -1005,10 +1005,10 @@ GPG itself is configured to connect to this keyserver over a TLS
encrypted tunnel (`hkps://`), currently verifying the server's
certificate is signed by the CaCert X.509 certification authority
until [[todo/Monkeysphere]] (`hkpms://`) support is ready to be used.
On the other hand Seahorse and FireGPG [[do
not|bugs/seahorse_does_not_support_hkps]]
[[support|bugs/firegpg_does_not_support_hkps]] `hkps://` so they are
using cleartext `hkp://` instead.
On the other hand Seahorse [[does not support
hkps|bugs/seahorse_does_not_support_hkps]] so it is using cleartext
`hkp://` instead. FireGPG is using plaintext `hkp://` until T(A)ILS
0.6.1, and the development branch has switched to `hkps://`.
GnuPG is configured to prefer non-outdated digest algorithms such as
SHA256.
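Review bot: the sentence "FireGPG is using plaintext `hkp://` until T(A)ILS 0.6.1, and the development branch has switched to `hkps://`" leaves it unclear whether 0.6.1 itself still uses `hkp://`, and it gives no pointer to how the development branch got `hkps://` working, while the bug text touched in the same commit opens with "FireGPG does not support `hkps://`". Suggest an unambiguous bound such as "up to and including" or "before", and a link to the FireGPG bug page in the same way the Seahorse sentence links its own. The two adjacent sentences also use "cleartext" and "plaintext" for the same thing; pick one term.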
......