keyserver

Joseph Oreste Bruni brunij at earthlink.net
Tue Nov 7 05:13:30 CET 2006


On Nov 6, 2006, at 1:14 PM, David Shaw wrote:

> If you are not planning to sync with the outside world, then may I
> suggest using LDAP?


I considered the use of LDAP since I just recently built an OpenLDAP  
server for us to use for centralized user authentication and it would  
fit right in. But, from what I understand about using LDAP as a  
keyserver, one would lack the key-data merging capability since LDAP  
servers don't know about OpenPGP-specific data.

When GnuPG submits key data to an LDAP server, does it perform  
merging (read-modify-write) or does it just submit the local copy of  
the key, overwriting the previous key?

I was able to get PKS to compile on Linux and it works. My problem  
was initially with trying to build on OS X since the db2 configure  
script is so old that it doesn't recognize Darwin. I pulled the
pks-current code which uses the DB4.1 database and got it working on  
Linux. But it doesn't support some of the more recent OpenPGP  
features (attributes). (I'm not sure that that is a show-stopper,  
though.)

I was intrigued by CKS but its dependency on the defunct RpSQL was a  
show-stopper, and using PostgreSQL as a back-end is some serious
overkill for an access pattern that never changes.

SKS seems good but the use of yet another oddball language (OCaml) is  
annoying and I ran into problems with it trying to compile on SuSE  
Linux -- I'll bring those issues up on the SKS list if anyone there  
is still participating.

I noticed, David, that your name is one of the contributors to the  
PKS project. I was hoping that the GnuPG project might "adopt" the  
idea of a keyserver and run with it, keeping it up to date. Has the  
idea of public keyservers run out of steam?

Joe
