[svn] GnuPG - r3867 - trunk/keyserver

David Shaw dshaw at jabberwocky.com
Fri Aug 19 04:48:54 CEST 2005


On Thu, Aug 18, 2005 at 09:32:23PM -0400, Jason Harris wrote:
> On Thu, Aug 18, 2005 at 08:47:07PM -0400, David Shaw wrote:
> > On Thu, Aug 18, 2005 at 06:33:31PM -0400, Jason Harris wrote:
> 
> > > I see.  So you'll be adding "--keyserver-options exact-full-userid"
> > > and "exact-partial-userid" next, then?
> > 
> > No.  I don't think they're useful, and keyservers don't support them
> > uniformly anyway, so the point is moot.
> 
> Keyservers (HKP) only support exact and not exact, it is only when
> one adds " <" and/or ">" to a search that it is "limited" to outside
> and/or a full match of the email address.

" <" and ">" are pretty good, but not perfect methods.

For example, take this user ID (I've actually seen one like this):

  Joe Smith (old email address is <jsmith at example.net>) <jsmith at example.com>

It will incorrectly match a search of <jsmith at example.net>.

Fussy example, to be sure, but it's inconsistent with LDAP which can
do true exact matches: an LDAP search for
"pgpuserid=*<jsmith at example.net>" correctly won't match because of the
right anchor.

The reason for the " <" is so that an HKP search for "Joe Smith <"
*won't* match the above.  It really shouldn't since it's not an exact
match of the not-email-address part of the uid.  Even so, take this:

  Joe Smith <jsmith at example.com>

An HKP " <" search for that using "Smith <" will match and should not
since again it's not exact.  An LDAP search for "pgpuserid=Smith <*"
will correctly not match because of the left anchor.

So... like I said: pretty good, but not perfect.  Probably good enough
for the majority of cases.

> > > Wouldn't it be easier just to apply the notation that GPG already
> > > understands/documents for --list-keys et al. to --search
> > > (from gpg.1):
> > 
> > Not a bad idea, though keyservers can't all handle this fully.
> 
> LDAP?  (pks and SKS can, AFAIK.)

No, the other way around.  LDAP actually supports everything here and
more since it has an actual search syntax with wildcards.  Both pks
and SKS searches are much more limited and inherently substring.  In
pks, "exact" means "exact substring with whole words" and "not exact"
means "whole word match".  Not quite sure exactly what SKS does, but I
know the search facility there is being tinkered with as we speak.

David
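
The matching difference described in this message, as an added example that is not part of the original post and not GnuPG or keyserver code: a simplified substring model of an HKP search beside an anchored-wildcard model of the LDAP filter value, plus a client-side check that compares only the trailing address of each returned user ID. All function names are hypothetical, case-insensitive matching is an assumption, and the sample user IDs are the two from the message with "@" written where the archive shows " at ".

```python
import re

# Constructed user IDs: the two cases discussed in the message.
UID_OLD = "Joe Smith (old email address is <jsmith@example.net>) <jsmith@example.com>"
UID_PLAIN = "Joe Smith <jsmith@example.com>"


def hkp_match(uid, term):
    """Simplified model of an HKP-style search: case-insensitive substring."""
    return term.lower() in uid.lower()


def ldap_match(uid, pattern):
    """Simplified model of an LDAP substring filter value: '*' is the only
    wildcard and the pattern is anchored at both ends of the user ID."""
    parts = (re.escape(p) for p in pattern.split("*"))
    return re.fullmatch(".*".join(parts), uid, re.IGNORECASE | re.DOTALL) is not None


def trailing_email(uid):
    """Return the address in the final <...> of a user ID, or None."""
    m = re.search(r"<([^<>]+)>\s*$", uid)
    return m.group(1).lower() if m else None


def filter_results(uids, wanted_email):
    """Client-side check: keep only user IDs whose trailing address is an
    exact match, whatever the keyserver's substring search returned."""
    return [u for u in uids if trailing_email(u) == wanted_email.lower()]


if __name__ == "__main__":
    for uid in (UID_OLD, UID_PLAIN):
        print(uid)
        print("  HKP  '<jsmith@example.net>'  :", hkp_match(uid, "<jsmith@example.net>"))
        print("  LDAP '*<jsmith@example.net>' :", ldap_match(uid, "*<jsmith@example.net>"))
        print("  HKP  'Smith <'               :", hkp_match(uid, "Smith <"))
        print("  LDAP 'Smith <*'              :", ldap_match(uid, "Smith <*"))
    print(filter_results([UID_OLD, UID_PLAIN], "jsmith@example.net"))
```
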


