LDAP KeyServer Schemas

David Shaw dshaw at jabberwocky.com
Tue Apr 1 02:52:01 CEST 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, Mar 31, 2003 at 11:26:29PM +0100, alan wrote:

> David,
> 
> Thank you very much for your reply.  It indeed makes a lot of sense.
> 
> But it now begs the question of: why not just state that the keyserver
> dialogue will be HTTP and consist of 'pks/add, POST, bla bla ...
> 
> Then it is entirely up to the implementors to get on with an HTTP server
> front-end and any backend they desire??

Sure thing. ;)

  http://www.ietf.org/internet-drafts/draft-shaw-openpgp-hkp-00.txt

Comments welcome (from you and everyone else reading this).

> GnuPG then doesn't have to support any other keyserver functionality
> than is present in gpgkeys_hkp.c ...

There are often reasons to use HTTP, just like there are often reasons
to use LDAP.  It is best if GnuPG can support everything.  The
direction that GnuPG is going in is to remove all internal keyserver
functionality altogether, and leave only enough logic to talk to an
external program.  This is why gpgkeys_ldap is external and why
gpgkeys_hkp is external on the development branch of GnuPG.

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2rc1 (GNU/Linux)
Comment: http://www.jabberwocky.com/david/keys.asc

iD8DBQE+iNTf4mZch0nhy8kRAgUrAKDNcSxBhOAl30amkclFIjLKPSoLsQCgoVw+
Qo1dfnNZnEHLWy3MC+YBlHw=
=d2Ne
-----END PGP SIGNATURE-----




More information about the Gnupg-devel mailing list