[gnutls-dev] OpenCDK comments
Simon Josefsson
simon at josefsson.org
Mon Apr 23 19:57:07 CEST 2007
Timo Schulz <twoaday at gmx.net> writes:
> Simon Josefsson wrote:
>
>> Having the GnuTLS library itself block and retrieve keys from a
>> keyserver seems to be a non-starter for me. GnuTLS might want to
>
> Yes, I can see what you mean. I was not involved in building or
> designing this API. Nikos just asked if I can provide a function
> in opencdk to retrieve a key via HKP and I implemented it.
>
>
>> provide an API to ask the application to "search" for keys, but I
>> don't see any point in including this functionality.
>
> Right now I don't know the internals of the GnuTLS code to say
> anything about it. Maybe we can remove the callbacks without
> breaking the code?

Hm. Does GnuTLS currently use the keyserver stuff?! I wonder how it
handles the blocking problem.

>> keyserver retrieval of PGP keys? That could use the OpenCDK keyserver
>> support.
>
> As you said, the opencdk keyserver support is very simple. I intended
> it for a quick key retrieval and it will do the job.

Yup.

>> OTOH, I'd rather support the GnuPG key server infrastructure
>> instead since it is more complete and tested (it supports DNS-based
>> OpenPGP retrieval for example.. :)).
>
> Yes, I agree with you. The GPG program has a lot of keyserver clients
> (finger, hkp, http, dns, ldap) and the code has been available for years
> and extensively tested.

Perhaps OpenCDK could use that infrastructure directly instead?
However, I think there are more important things to fix related to
OpenPGP than this. I don't know if downloading keys from a keyserver
is something that typical OpenPGP clients or servers would actually be
doing.

/Simon