jgg at gpu.srv.ualberta.ca
Mon Oct 4 15:51:06 CEST 1999
> "Janusz A. Urbanowicz" <alex at poleczki.nc-virtual.pl> writes:
> I have a write up on some key server issues, but I have to rework it a
> bit. The basic idea is to have a fast key storage and use some other
> directory service to locate a key by name or email address. So LDAP
> could just map the name to a fingerprint and pgp can then lookup the
> required public key data from a distributed keyserver system. I think
> that it should be distributed (and not only replicated) because the
> keyserver should check signatures before merging them in and this
> takes a lot of time.
This is exactly what I have implemented here. We have a central LDAP
directory that contains all the fingerprints of the keys belonging to each
user. If someone wants to find the key for foo at debian.org they would start
by locating the fingerprint then going to they keyservers or to our
private key repository. Peruse http://db.debian.org/ for an example of how
a system like this works.
Using LDAP to store the actual keys is IMHO non-ideal because the LDAP
server cannot check validity of key data, or handle merging of signatures
or anything like that.
More information about the Gnupg-devel