On Tue, 2019-02-26 at 20:31 +0100, deloptes wrote: > Jim Popovitch wrote: > > > What's up with dirmngr? If dirmngr is installed Evolution often > > takes > > ages to open signed emails. If dirmngr is not installed then > > (according > > to p.d.o/buster/dirmngr) "the parts of the GnuPG suite that try to > > interact with the network will fail" > > > > How can dirmngr be so tightly integrated but work so poorly > > querying > > services? /r > > why should it be dirmngrs fault? perhaps it is a kind of buster or > other issue. > > Try to find out where the waiting is coming from and post back. For > example waiting for keyserver to respond or similar or waiting for > something to time out.
Glad you asked! dirmngr uses sks-keyservers.net which has at least one NS with issues: https://ednscomp.isc.org/ednscomp/0f65feeaa7 But more to the point, It's not an easy program to debug.... Following man page, I created ~/.gnupg/dirmngr.conf and populated it with: verbose debug-level expert keyserver na.pool.sks-keyservers.net disable-ipv6 disable-ldap log-file ~/dirmngr.log allow-ocsp and then I fired up Evolution and opened emails with gpg sigs, but still no data in the file ~/dirmngr.log. :-( What I suspect the problem to be, and what is alluded to on the sks-keyservers status page, is that there is a big inconsistency/availability with their servers (they have more off-pool servers listed than in-pool). Obviously it's a freebie so complaints seem childish, but it is an important service.. just like pool.ntp.org (which ironically Debian has taken responsibility for at least sanitizing that with debian.pool.ntp.org) -Jim P.
