ietf-openpgp

Re: key server lookup protocol?

1997-09-03 13:25:28
The reason I want a document is so I can print it off and take it to the
network manager of the offending firewall and swat him so he'll reconfigure
it.  "11371, I heard it on the net" doesn't seem like a sound formal
specification to reference when asking someone to open a new hole in their
firewall.

X-Sender: zoo(_at_)mail(_dot_)visi(_dot_)com
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32)
Date: Wed, 03 Sep 1997 14:31:17 -0500
To: "A. Padgett Peterson P.E. Information Security"
<PADGETT(_at_)hobbes(_dot_)orl(_dot_)lmco(_dot_)com>,
       rodney(_at_)sabletech(_dot_)com
From: "david d `zoo' zuhn" <zoo(_at_)armadillo(_dot_)com>
Subject: Re: key server lookup protocol?
Cc: ietf-open-pgp(_at_)imc(_dot_)org

Has anyone tried this with a proxy server?
Not that I know of but not difficult - remote secure clients such as V-One's
SmartWall already use other "goofy" ports as do any number of databases 
such as Oracle.

Any firewall worth its salt should be capable of opening a TCP port on 
11371, so thereby enabling access to the key server.  No problems, but 
not a very good answer.

It's not unreasonable to expect PGP to be able to cope with an HTTP 
proxy server, much as any Web browser does.  I've done some testing to 
make sure that this works, and manual tests seem to work just fine.

So the next step, and I'm going to see if I can do this in an afternoon 
(my attention span for coding these days), is to add explicit proxy 
support to the keyserver code in PGP itself.  

Once this is done, then the world of PGP users behind firewalls can 
utilize their already-working HTTP proxy server to access the various 
key server databases.


This doesn't work with some firewalls.

SHTTP doesn't work with some firewalls.

What's the relevance of SHTTP?  

--
-  david d `zoo' zuhn  -| Montana Rail Link/NP, circa 1995, in N scale
--  zoo(_at_)armadillo(_dot_)com --|  www.armadillo.com/zoo/layout/ for info


