Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. GnuPG>
  3. devel
[PATCH] doc: clarify dirmngr use-tor documentation
dkg at fifthhorseman
Apr 19, 2019, 7:21 AM
Post #1 of 5 (617 views)
Permalink
* doc/dirmngr.texi: Correct the documentation, since use-tor should
not have anything to do with gpg-agent.

--

I'm reluctant to push this documentation fix directly because i
confess i still don't have a good mental model of how dirmngr is
supposed to interact automatically with tor, so maybe the original
documentation is right and i'm still just misunderstanding it.

Even if this doc fix is correct, as a user i'm baffled by why
reloading dirmngr wouldn't allow me to clear --use-tor. Does that
mean i just need to restart dirmngr to clear --use-tor, instead of
reloading? Is that a deliberate design decision, or an accident of
implementation? If it's deliberate, what do i (as a user) gain from
that design?
---
doc/dirmngr.texi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
index f5910a884..a1873b501 100644
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
@@ -251,7 +251,7 @@ The option @option{--use-tor} switches Dirmngr and thus GnuPG into
``Tor mode'' to route all network access via Tor (an anonymity
network). Certain other features are disabled in this mode. The
effect of @option{--use-tor} cannot be overridden by any other command
-or even be reloading gpg-agent. The use of @option{--no-use-tor}
+or even by reloading dirmngr. The use of @option{--no-use-tor}
disables the use of Tor. The default is to use Tor if it is available
on startup or after reloading dirmngr.

--
2.20.1


_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-devel
Re: [PATCH] doc: clarify dirmngr use-tor documentation [ In reply to ]
wk at gnupg
May 3, 2019, 7:18 AM
Post #2 of 5 (608 views)
Permalink
On Fri, 19 Apr 2019 10:21, dkg@fifthhorseman.net said:

> reloading dirmngr wouldn't allow me to clear --use-tor. Does that
> mean i just need to restart dirmngr to clear --use-tor, instead of
> reloading? Is that a deliberate design decision, or an accident of
> implementation? If it's deliberate, what do i (as a user) gain from

Right. You need to restart dirmngr and it is not sufficient to SIGHUP
it. This is to make it extra hard to bypass Tor if it has been used
before in this session.

> -or even be reloading gpg-agent. The use of @option{--no-use-tor}
> +or even by reloading dirmngr. The use of @option{--no-use-tor}

Thanks. Fixed.


Salam-Shalom,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

Attached Files:

Re: [PATCH] doc: clarify dirmngr use-tor documentation [ In reply to ]
dkg at fifthhorseman
May 3, 2019, 7:50 AM
Post #3 of 5 (608 views)
Permalink
On Fri 2019-05-03 16:18:21 +0200, Werner Koch wrote:
> On Fri, 19 Apr 2019 10:21, dkg@fifthhorseman.net said:
>
>> reloading dirmngr wouldn't allow me to clear --use-tor. Does that
>> mean i just need to restart dirmngr to clear --use-tor, instead of
>> reloading? Is that a deliberate design decision, or an accident of
>> implementation? If it's deliberate, what do i (as a user) gain from
>
> Right. You need to restart dirmngr and it is not sufficient to SIGHUP
> it. This is to make it extra hard to bypass Tor if it has been used
> before in this session.

Thanks for thinking about this!

This isn't "extra hard" though -- it just means "gpgconf --kill dirmngr"
instead of "gpgconf --reload dirmngr", right? (or SIGTERM instead of
SIGHUP)

Is this marginal increase in "hardness" worth the additional confusion
and complexity in configuration?

--dkg

Attached Files:

Re: [PATCH] doc: clarify dirmngr use-tor documentation [ In reply to ]
wk at gnupg
May 7, 2019, 11:18 PM
Post #4 of 5 (606 views)
Permalink
On Fri, 3 May 2019 10:50, dkg@fifthhorseman.net said:

> This isn't "extra hard" though -- it just means "gpgconf --kill dirmngr"
> instead of "gpgconf --reload dirmngr", right? (or SIGTERM instead of
> SIGHUP)

GPA and Kleopatra can do an reload automatically on changing an option.
They don't provide a GUI element to restart dirmngr.

> Is this marginal increase in "hardness" worth the additional confusion
> and complexity in configuration?

Probably not; we may change it in 2.3


Shalom-Salam,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

Attached Files:

Re: [PATCH] doc: clarify dirmngr use-tor documentation [ In reply to ]
dkg at fifthhorseman
May 8, 2019, 4:57 AM
Post #5 of 5 (606 views)
Permalink
On Wed 2019-05-08 08:18:57 +0200, Werner Koch wrote:
> On Fri, 3 May 2019 10:50, dkg@fifthhorseman.net said:
>
>> This isn't "extra hard" though -- it just means "gpgconf --kill dirmngr"
>> instead of "gpgconf --reload dirmngr", right? (or SIGTERM instead of
>> SIGHUP)
>
> GPA and Kleopatra can do an reload automatically on changing an option.
> They don't provide a GUI element to restart dirmngr.

so if you change this option in GPA or Kleopatra, it doesn't actually
change? That sounds perplexing.

>> Is this marginal increase in "hardness" worth the additional confusion
>> and complexity in configuration?
>
> Probably not; we may change it in 2.3

Thanks. I've opened https://dev.gnupg.org/T4488 to track this issue.

--dkg

Attached Files:

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal