LDAP keyserver patch

David Shaw dshaw@jabberwocky.com
Mon Sep 10 05:02:01 2001


Hi folks,

Well, the FSF and I have worked out an assignment agreement that we
both can live with, so to celebrate, here's LDAP keyserver support for
GnuPG.

This is actually generic keyserver support so GnuPG can speak to any
keyserver type, even types that are site specific.  It is implemented
as stub code in GnuPG itself and separate helper programs to do the
actual talking to keyservers.  The reason for this is security - GnuPG
doesn't need thousands of lines of keyserver code when they can be
much better put in an untrusted application.

Included in the patch is a helper application for LDAP and another one
for email keyservers.  You need OpenLDAP installed to enable LDAP
support.

To use the new feature, you need to tell GnuPG which keyserver helper
to call.  Do this by adding the protocol to the keyserver names in
your options file.  For example:

 # Old HKP keyservers still work
 keyserver x-hkp://wwwkeys.pgp.net

 # New LDAP keyserver
 keyserver ldap://certserver.pgp.com

 # Email keyserver
 keyserver mailto://pgp-public-keys@keys.pgp.net

For backwards compatibility, if you don't specify a protocol, GnuPG
assumes it's a HKP keyserver.  For HKP, the patch will still call the
internal HKP keyserver code, but I hope to move the HKP code to a
separate application at some point.

After applying the patch via the usual patch -p1, you should run
automake and autoconf to rebuild configure and the makefiles.  After
that, the usual ./configure and make should do it.

The patch is against 1.0.6 (not 1.0.6a), and should be considered
experimental for now.  As always, comments welcome.

Get the patch at:
    http://www.jabberwocky.com/crypto/patch.gnupg-1.0.6.dms.keyserver.1

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
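
The protocol-prefix selection described in the message (including the HKP default when no protocol is given), as an added C example that is not part of the original post or of the patch. It goes one step further than the message by validating the protocol name before it is turned into a program name. The `gpgkeys_` prefix, the function name `pick_helper` and the 16-character limit are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define HELPER_PREFIX "gpgkeys_"   /* hypothetical naming, not from the post */
#define MAX_SCHEME 16              /* assumed upper bound on protocol length */

/* Parse a keyserver option value. Returns 0, fills helper and points *host
 * past "://"; returns -1 if the value must not become a program name. */
int pick_helper(const char *value, char *helper, size_t hlen, const char **host)
{
    char scheme[MAX_SCHEME + 1] = "hkp";   /* default when no protocol given */
    const char *sep = strstr(value, "://");
    size_t i, n;
    *host = value;
    if (sep) {
        n = (size_t)(sep - value);
        if (n == 0 || n > MAX_SCHEME || !isalpha((unsigned char)value[0]))
            return -1;
        for (i = 0; i < n; i++) {
            unsigned char c = (unsigned char)value[i];
            /* Letters, digits, '-' only: no '/' or '.' reaches the file name. */
            if (!isalnum(c) && c != '-')
                return -1;
            scheme[i] = (char)tolower(c);
        }
        scheme[n] = '\0';
        *host = sep + 3;
    }
    if (**host == '\0')                    /* a protocol with no server */
        return -1;
    if ((size_t)snprintf(helper, hlen, "%s%s", HELPER_PREFIX, scheme) >= hlen)
        return -1;                         /* name would be truncated */
    return 0;
}

int main(void)
{
    /* Constructed inputs: three from the post, a bare host, a hostile value. */
    const char *in[] = { "x-hkp://wwwkeys.pgp.net", "ldap://certserver.pgp.com",
                         "mailto://pgp-public-keys@keys.pgp.net",
                         "wwwkeys.pgp.net", "../../tmp/evil://host" };
    char helper[64];
    const char *host;
    for (size_t i = 0; i < sizeof in / sizeof *in; i++)
        printf("%s -> %s\n", in[i],
               pick_helper(in[i], helper, sizeof helper, &host) ? "rejected" : helper);
    return 0;
}
```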
