Key server Q
dshaw at jabberwocky.com
Tue Aug 6 06:48:02 CEST 2002
On Tue, Aug 06, 2002 at 02:17:00AM +0200, Simon Josefsson wrote:
> David Shaw <dshaw at jabberwocky.com> writes:
> > The difficulty here is that GnuPG very often knows the user ID or
> > the key ID, but not both.
> > For example, during a --recv-keys GnuPG knows the key ID but does not
> > know the user ID since the key is not present yet, so there is no way
> > to look it up. During a --search-keys, GnuPG knows the user ID but
> > not the key ID, also since the key is not present yet.
> > It is possible to send the user ID during a --refresh-keys and a
> > --send-keys. In those cases, the key is present during the keyserver
> > operation, so the user ID can be looked up and provided to the
> > keyserver plugin. Would that still be useful to you?
> I don't think so, I was thinking of the cases where you have no DNS
> zone configuration and don't have the certificate.
Hmm. I don't think there is a solution within GnuPG then. It may
have to be something external like an x-pgp-keys: header.
> >> An ugly idea for doing this would be to have the OpenPGP message
> >> reader look for From: lines before the actual OpenPGP header, and
> >> snarf the address. Of course, there is no guarantees that there is a
> >> From: header or that it corresponds to the actual OpenPGP originator,
> >> but it would be Good Enough for many common cases, I think. Perhaps
> >> there is a better way?
> > Unless the message is signed or has some other way of giving the key
> > ID, this might be the best way to do it (and then pass the from email
> > address to --search-keys). It would be nice if there was one official
> > version of the many different "x-pgp-keys:" headers, so it could be
> > easily parsed. Perhaps we should write one.
> The KeyID isn't enough for the situation I'm thinking about here,
> where you want to retrieve the certificate from the originator's own
> preferred server.
Well there is a preferred keyserver subpacket for self-sigs, but it
has the same problem as before - if you had the key to look at the
preferred keyserver subpacket, you'd have the key already.
It would be possible to give a suggested keyserver in the x-pgp-keys:
header of course.
David Shaw | dshaw at jabberwocky.com | WWW http://www.jabberwocky.com/
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
More information about the Gnupg-devel