Expired Keys

Cameron Metzke cmetzke at gmail.com
Mon Sep 5 02:12:47 CEST 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Neil Williams wrote:
> On Sunday 04 September 2005 11:31 pm, Cameron Metzke wrote:
> 
>>Basically what I'm trying to do is build a php frontend to gnupg which
>>can act like a keyserver.
> 
> 
> But then keyservers don't delete keys - expired or not.
> 
> Think about it, when I use a keyserver, I still want to be able to retrieve an 
> expired key - so that I can KNOW it's expired!
> 
> It's even more important with revoked - simply saying the key isn't listed 
> does NOT protect me from an attacker using a compromised (and revoked) key!
> 
> There are established protocols and packages for running keyservers - expired 
> and revoked keys should be retained.
> 
> If you really just mean, as I've done, that you want a PHP/Perl web interface 
> to a small group of users' keys then use gnupg and don't set any keys to 
> ultimate trust - then there is never any trust to check. Put some other 
> authentication in the web site and you could consider using a trust always 
> model that allows you to encrypt to any key in the local keyring. Use gnupg 
> on the box and something like GnuPG::Interface in Perl to handle the key 
> selection and updates and take your updates from *public* keyservers that can 
> be relied upon to give you complete and up to date information.
> 

Yep, you're dead right.
In essence, the frontend I'm scripting up is for my own learning curve.
It has allowed me to pull apart many aspects of gpg that I would not
normally touch on. I doubt there will ever be a production version of
it, as it would be like reinventing the wheel. But it does allow me to
learn exactly how to incorporate gpg into regular php applications that
I would like to have this feature.
Thanks for all your input, it has been a great help :)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)

iD8DBQFDG41/iJKCWGgxIoARAi38AJ48Tui4zBX4q2oqmmlsL2LOcI//4gCfSrZt
q/JQP6OfB7K74fEs7hAL2Rg=
=c1Pa
-----END PGP SIGNATURE-----
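
The point made in the quoted reply, that a key store should keep expired and revoked keys and report their status instead of dropping them, as an added example that is not code from either poster. It parses `gpg --with-colons --fixed-list-mode --list-keys` output in Python; the sample listing is constructed, and the function names `parse_keys`, `lookup` and `may_encrypt_to` are hypothetical.

```python
from datetime import datetime, timezone

# Constructed sample of `gpg --with-colons --fixed-list-mode --list-keys`
# output; key IDs, dates and user IDs are made up for illustration.
SAMPLE_LISTING = """\
tru::1:1125878400:0:3:1:5
pub:-:1024:17:1111111111111111:1104537600:::-:::scESC:
uid:-::::1104537600::::Alice Example <alice@example.org>:
sub:-:2048:16:1111111111111112:1104537600::::::e:
pub:e:1024:17:2222222222222222:1072915200:1104537600::-:::sc:
uid:e::::1072915200::::Bob Example <bob@example.org>:
pub:r:1024:17:3333333333333333:1072915200:::-:::sc:
uid:r::::1072915200::::Carol Example <carol@example.org>:
pub:-:1024:17:4444444444444444:1072915200:1120000000::-:::sc:
uid:-::::1072915200::::Dave Example <dave@example.org>:
"""

# Field 2 of a pub record is the validity flag computed by gpg.
UNUSABLE = {"e": "expired", "r": "revoked", "d": "disabled", "i": "invalid"}

def parse_keys(listing, now=None):
    """Parse primary keys from a colon listing, keeping every key."""
    now = now or datetime.now(timezone.utc)
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub" and len(f) >= 7:
            status = UNUSABLE.get(f[1], "usable")
            expires = None
            if f[6]:  # field 7: expiry, epoch seconds in fixed-list mode
                expires = datetime.fromtimestamp(int(f[6]), timezone.utc)
                # A cached listing can predate the expiry; re-check it.
                if status == "usable" and expires <= now:
                    status = "expired"
            keys.append({"keyid": f[4], "status": status,
                         "expires": expires, "uids": []})
        elif f[0] == "uid" and keys and len(f) > 9:
            keys[-1]["uids"].append(f[9])  # field 10: user ID
    return keys

def lookup(keys, keyid):
    """Return the key record, whatever its status, or None if unknown."""
    return next((k for k in keys if k["keyid"] == keyid.upper()), None)

def may_encrypt_to(key):
    """Only a known key that is not expired/revoked/disabled/invalid."""
    return key is not None and key["status"] == "usable"
```

A frontend built this way can answer "revoked" or "expired" for a key it holds, which is different from answering "not found".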


