NowpPublishing fedora developer PGP keys in DNSSEC

[Björn Persson]

Paul Wouters wrote:
>On Sun, 1 Feb 2015, Björn Persson wrote:
>
>> Paul Wouters wrote:
>>> paul at bofh:~$ openpgpkey --fetch pwouters at fedoraproject.org
>>
>> openpgpkey: /var/lib/unbound/root.anchor is not a file. Unable to use
>> it as rootanchor
>>
>> Huh?
>
>turns out a bug in %post of unbound-libs. I pushed a fix into rawhide.
>I've also made openpgpkey smarter so it looks for more file locations
>for the root.anchor or root.key file. I'll push that upstream.

Thanks. Meanwhile a Cron job seems to have created root.anchor, so now
I get this output:

$ openpgpkey --fetch Bjorn at xn--rombobjrn-67a.se
openpgpkey: Received OpenPGP data does not contain a key with keyid Bjorn at xn--rombobjrn-67a.se
(add --uid <uid> to override with any of the below received uids)
# Björn Persson <Bjorn at Rombobjörn.se>
# Björn Persson <Bjorn at Rombobeorn.se>

Besides the lack of IDNA, this shows another character encoding bug. The
UIDs on the key are encoded in UTF-8, and my locale also uses UTF-8, so
no transcoding should be needed, but somewhere along the way the strings
get erroneously interpreted as an 8-bit encoding, probably ISO 8859-1,
and then transcoded from that to UTF-8.

>> Traceback (most recent call last):
>>  File "/usr/bin/openpgpkey", line 189, in <module>
>>    if "<%s>"%args.email in uid:
>> UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position
>> 14: ordinal not in range(128)
>
>I'll work on adding punycode support :)
>
>(the LHS does not matter, we just sha224 whatever you give us)

Don't you need to ensure that the local part is encoded in UTF-8 per
RFC 6530 before you hash it, in case the user's locale uses another
encoding?

-- 
Björn Persson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signatur
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20150202/27e1b007/attachment.sig>