looking up pgp keys
Tim Prepscius
timprepscius at gmail.com
Mon Sep 9 03:53:49 CEST 2013

Actually, I will ask one more question.
It is sort of off topic, well, it *is* off topic, but I think it is
appropriate anyhow.

So I'm writing this secure e-mail web system.
I'm currently integrating pgp for end to end security.
I'm at the point now where I need to look up recipients' public keys.

Here are 3 options:

1. web mail contacts web server, says, "hey give me tom's public
key," web server contacts pgp-servers/recipient server, sends back key
to web-mail.

2. web mail contacts pgp-servers directly, says, "hey give me tom's key."

3. web mail first tries to contact recipient mail server and ask it
(assuming it is running a key server), then resorts to public pgp
servers.

So I am tending to like #1 because:

1. web server will make request, real requester IP of web-mail client
won't be known.
2. web server will prob be on faster connection than client

But I also like #2 because:

1. web mail client can talk to many servers and validate it gets same
result from all.

..

Does anyone have any thoughts on this issue?

-tim

On 9/8/13, Tim Prepscius <timprepscius at gmail.com> wrote:
> awesomeness.
>
> &options=mr it is.
>
> thanks,
>
> -tim
>
> On 9/8/13, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
>> On 09/08/2013 07:29 PM, Tim Prepscius wrote:
>>> I'm looking at the pgp mit server and the
>>> http://pool.sks-keyservers.net.
>>>
>>> I do not see a way of forcing the search results format from html into
>>> something more conducive to machine parsing. (aka json)
>>>
>>> I've tried random things like: &format=json, &fmt=json, &plzcanhavjson=1
>>> None have worked. Parsing the html isn't just a big deal, but ....
>>>
>>> Does anyone know a way of doing this?
>>
>> SKS is the dominant implementation of OpenPGP keyserver infrastructure
>> these days. Most of the servers in the pool you're referring to run
>> SKS. So the best place to ask this kind of question is on the SKS
>> development list <sks-devel at nongnu.org>.
>>
>> That said, the "machine-parsable" format is of a much older vintage than
>> json :)
>>
>> The spec for HKP suggests that you need to supply the "mr" variable in
>> the query string:
>>
>> https://tools.ietf.org/html/draft-shaw-openpgp-hkp-00#section-3.2.1.1
>>
>> and then read the line-oriented text-based output format:
>>
>> https://tools.ietf.org/html/draft-shaw-openpgp-hkp-00#section-5
>>
>> hth,
>>
>> --dkg
>>
>>
>
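
Added example (not part of the original thread and not code from SKS or GnuPG): a parser for the line-oriented "mr" index format from section 5 of the HKP draft linked above, extended with the cross-server comparison described in option #2 of the message. The sample responses, key IDs, server names and function names are constructed for illustration.

```python
from urllib.parse import unquote

# Constructed sample responses (not real keys) in the HKP "mr" index format:
#   info:<version>:<count>
#   pub:<keyid>:<algo>:<keylen>:<creationdate>:<expirationdate>:<flags>
#   uid:<escaped uid>:<creationdate>:<expirationdate>:<flags>
SERVER_A = """info:1:2
pub:AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555:1:4096:1370000000::
uid:Tom Example <tom@example.org>:1370000000::
pub:1111222233334444:1:2048:1200000000::r
uid:Tom Example (old%3A revoked) <tom@example.org>:1200000000::r
"""
SERVER_B = """info:1:1
pub:AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555:1:4096:1370000000::
uid:Tom Example <tom@example.org>:1370000000::
"""
SERVER_C = """info:1:1
pub:9999888877776666555544443333222211110000:1:4096:1378000000::
uid:Tom Example <tom@example.org>:1378000000::
"""

def parse_mr_index(text):
    """Parse an mr index listing into a list of key dicts."""
    keys = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if fields[0] == "pub" and len(fields) >= 7:
            keys.append({"keyid": fields[1].upper(), "algo": fields[2],
                         "bits": fields[3], "created": fields[4],
                         "expires": fields[5], "flags": fields[6], "uids": []})
        elif fields[0] == "uid" and len(fields) >= 2 and keys:
            # ':' inside a uid arrives %-escaped, so the split above is safe.
            keys[-1]["uids"].append(unquote(fields[1]))
    return keys

def usable_keyids(text):
    """Key IDs not flagged revoked (r), disabled (d) or expired (e)."""
    return {k["keyid"] for k in parse_mr_index(text)
            if not set(k["flags"]) & set("rde")}

def cross_check(responses):
    """Return (agreed key IDs, {server: key IDs not returned by every server})."""
    per_server = {name: usable_keyids(body) for name, body in responses.items()}
    agreed = set.intersection(*per_server.values())
    outliers = {n: ids - agreed for n, ids in per_server.items() if ids - agreed}
    return agreed, outliers
```

Agreement between servers only shows that they hold the same uploaded key; keyservers do not verify the uid strings, so a key selected this way still needs its own validation before mail is encrypted to it.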