looking up pgp keys

Tim Prepscius timprepscius at gmail.com
Mon Sep 9 03:53:49 CEST 2013


Actually, I will ask one more question.
It is sort of off topic, well, it *is* off topic, but I think it is
appropriate anyhow.


So I'm writing this secure e-mail web system.
I'm currently integrating pgp for end to end security.


I'm at the point now where I need to look up recipients' public keys.


Here are 3 options:

1.  web mail contacts web server, says, "hey give me tom's public
key," web server contacts pgp-servers/recipient server, sends back key
to web-mail.

2.  web mail contacts pgp-servers directly, says, "hey give me tom's key."

3.  web mail first tries to contact recipient mail server and ask it
(assuming it is running a key server), then resorts to public pgp
servers.



So I am tending to like #1 because:
1.  web server will make request, real requester IP of web-mail client
won't be known.
2.  web server will prob be on faster connection than client

But I also like #2 because:
1.  web mail client can talk to many servers and validate it gets same
result from all.

..

Does anyone have any thoughts on this issue?

-tim


On 9/8/13, Tim Prepscius <timprepscius at gmail.com> wrote:
> awesomeness.
>
> &options=mr it is.
>
> thanks,
>
> -tim
>
> On 9/8/13, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
>> On 09/08/2013 07:29 PM, Tim Prepscius wrote:
>>> I'm looking at the pgp mit server and the
>>> http://pool.sks-keyservers.net.
>>>
>>> I do not see a way of forcing the search results format from html into
>>> something more conducive to machine parsing.  (aka json)
>>>
>>> I've tried random things like: &format=json, &fmt=json, &plzcanhavjson=1
>>> None have worked.  Parsing the html isn't just a big deal, but ....
>>>
>>> Does anyone know a way of doing this?
>>
>> SKS is the dominant implementation of OpenPGP keyserver infrastructure
>> these days.  most of the servers in the pool you're referring to run
>> SKS.  So the best place to ask this kind of question is on the  SKS
>> development list <sks-devel at nongnu.org>.
>>
>> That said, the "machine-parsable" format is of a much older vintage than
>> json :)
>>
>> The spec for HKP suggests that you need to supply the "mr" variable in
>> the query string:
>>
>>   https://tools.ietf.org/html/draft-shaw-openpgp-hkp-00#section-3.2.1.1
>>
>> and then read the line-oriented text-based output format:
>>
>>   https://tools.ietf.org/html/draft-shaw-openpgp-hkp-00#section-5
>>
>> hth,
>>
>> 	--dkg
>>
>>
>
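Added example (not part of the original thread, and not code from GnuPG or SKS): a parser for the line-oriented HKP "mr" index format referenced above, combined with the cross-server comparison described as option #2. The server names, key IDs, sample responses and function names are constructed for illustration; a real client would fetch each response with a lookup using op=index and options=mr.

```python
from urllib.parse import unquote

# Constructed sample responses (not real keyserver output or real key IDs).
SERVER_A = """info:1:2
pub:0123456789ABCDEF:1:2048:1378000000::
uid:Tom%20Example%20%3Ctom%40example.org%3E:1378000000::
pub:FEDCBA9876543210:1:1024:1200000000::r
uid:Tom%20Example%20%3Ctom%40example.org%3E:1200000000::
"""
SERVER_B = SERVER_A
SERVER_C = SERVER_A + """pub:1111222233334444:1:2048:1378600000::
uid:Tom%20Example%20%3Ctom%40example.org%3E:1378600000::
"""

def parse_hkp_index(text):
    """Parse "mr" index output: info / pub / uid lines, colon-separated."""
    keys, current = {}, None
    for line in text.splitlines():
        fields = line.strip().split(":")
        if fields[0] == "pub" and len(fields) >= 2:
            # pub:<keyid>:<algo>:<keylen>:<creationdate>:<expirationdate>:<flags>
            fields += [""] * (7 - len(fields))
            current = {"algo": fields[2], "flags": fields[6], "uids": []}
            keys[fields[1].upper()] = current
        elif fields[0] == "uid" and current is not None and len(fields) >= 2:
            # uid:<escaped uid string>:...  (the uid is percent-escaped)
            current["uids"].append(unquote(fields[1]))
    return keys

def usable_key_ids(keys, email):
    """Key IDs with a uid for `email` and no r/d/e (revoked/disabled/expired) flag."""
    needle = "<" + email.lower() + ">"
    return {kid for kid, k in keys.items()
            if not set(k["flags"]) & set("rde")
            and any(needle in uid.lower() for uid in k["uids"])}

def cross_check(responses, email):
    """Return (key IDs every server returned, {other key ID: [servers]})."""
    per_server = {name: usable_key_ids(parse_hkp_index(text), email)
                  for name, text in responses.items()}
    agreed = set.intersection(*per_server.values()) if per_server else set()
    disputed = {}
    for name, ids in per_server.items():
        for kid in sorted(ids - agreed):
            disputed.setdefault(kid, []).append(name)
    return agreed, disputed

if __name__ == "__main__":
    print(cross_check({"a": SERVER_A, "b": SERVER_B, "c": SERVER_C}, "tom@example.org"))
```

Agreement between servers only shows that they return the same key IDs for that address; keyservers do not verify user IDs, so it does not show that the key belongs to the recipient.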



More information about the Gnupg-devel mailing list