[pgp-keyserver-folk] poor use of HTTP in keyserver designs
Jason Harris
jharris at widomaker.com
Thu Nov 25 00:38:25 CET 2004
On Sun, Nov 21, 2004 at 08:19:12PM -0500, Jason Harris wrote:
> On Fri, Apr 09, 2004 at 09:46:19AM -0400, John Belmonte wrote:
> > While looking for keyserver software to tinker with, I stumbled upon
> > pkspxy, the key server proxy. That got me wondering why keyservers
> > would need a custom proxy. Well, looking at the HTTP response headers
> > I'd like to see the HTTP response headers improved. For example, use of
> > entity tags would allow clients and proxies to poll for key changes with
> > minimum burden to the server. Combined with proper cache control
> > headers, general HTTP proxies could serve the keyserver network well.
>
> Clients like wget only use timestamps, which I assume most browsers
> limit themselves too as well. Do you know which browsers use ETag
> for cache control? But, note that neither pks nor SKS currently index
> key IDs/fingerprints/hashes to their last update times.
keyserver.kjsl.com is now generating Date:, Content-Length:, and
Content-MD5: headers for most replies. Additionally, it now supports
HEAD requests with these headers included. Note that the PHP4 page(s)
that support port 80 access do not generate the latter two headers,
however.
While generating ETag: and Last-Modified: headers, as well as supporting
If-Modified-Since and other specifiers in GET/HEAD requests will be
needed for full cache-control semantics, it is unclear (to me) which
proxies/caches, and, if any, which browsers/clients, implement ETag
comparisons. Squid[-cache.org] seems to only use timestamps, but if
anyone uses a proxy/cache that supports ETags, please let me know.
Right now, the size headers are useful so clients like wget can
compute the remaining download time when retrieving keys, but I
believe the MD5 values are not currently used by [m]any caches/
proxies/clients. However, clients like GPG might start checking the
MD5 hashes of received keys and/or issuing HEAD requests to see if
the hashes have changed since the keys were last downloaded from a
particular keyserver. This should not replace cache-control using
ETags and/or timestamps, of course, but it should prove to be a good
solution until more software supports ETags.
--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris at widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : /pipermail/attachments/20041124/a3482c48/attachment.bin
More information about the Gnupg-users
mailing list