LDAP KeyServer Schemas

Joel N. Weber II devnull at gnu.org
Tue Apr 1 16:12:02 CEST 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

   However, I think that the issues of secure, and authenticated
   connections to the keyserver should be addressed.

   I think it appropriate behaviour to have privacy in ensuring others
   cannot see which keys you are downloading from a public keyserver.  I
   also like the idea of having a private keyserver where only
   authenticated users can post and/or retrieve keys.

Another issue that comes up is that you may want to download a key to
make sure it hasn't been revoked.  Without authenticating the
keyserver, there is no way to know that Mallory isn't running the
keyserver that you end up talking to.

Merely ssl encrypting a session may only provide limited privacy,
because different key blocks are going to have different sizes, and I
don't think SSL does any padding to disguise the size of the data
you're downloading.  And if you upload a key, you'll probably send
more data to the keyserver than if you download a key, so it will be
obvious that you uploaded a key, and when the keyserver immediately
starts sending it in the clear to all the other keyservers, it will
probably become pretty clear what you uploaded, assuming you were
talking to a public keyserver.

There are probably some neat things that could be done with subliminal
channels in ssh sessions if you don't mind high latency moving around
of keys.

   The other thing that should be supported/supportable is basic http
   authentication.  I haven't had an opportunity to look at the user-agent
   aspect of gnupg, but I hope it is addressing exactly this issue.  Again,
   it would not be that difficult to implement a rather stupid default
   handler that picks up a colon separated userid/pwd combo from the
   options file, base64 encodes it and sends it in response to a 401 error.

Well, yet another thing that should be supported is https using gpg to
authenticate the client to the server and vice versa.  If you have
that, is basic auth still particularily useful?

(Granted, basic auth isn't hard to write code for, and there's
probably no compelling reason not to support it.)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (NetBSD)

iD8DBQE+iZBKNIJPyVx4GhgRAu40AJ9hG9Cn9nKG/v0CiBBdkvSzWVM2fwCgpQFP
XZipEF2AdvU10Vh5m5NiL4Q=
=UJzZ
-----END PGP SIGNATURE-----




More information about the Gnupg-devel mailing list