List: gnupg-devel
Subject: Re: bugreport/feature request
From: Jason Gunthorpe <jgg () gpu ! srv ! ualberta ! ca>
Date: 1999-10-04 20:51:06
> "Janusz A. Urbanowicz" <alex@poleczki.nc-virtual.pl> writes:
> I have a write up on some key server issues, but I have to rework it a
> bit. The basic idea is to have a fast key storage and use some other
> directory service to locate a key by name or email address. So LDAP
> could just map the name to a fingerprint and pgp can then lookup the
> required public key data from a distributed keyserver system. I think
> that it should be distributed (and not only replicated) because the
> keyserver should check signatures before merging them in and this
> takes a lot of time.
This is exactly what I have implemented here. We have a central LDAP
directory that contains all the fingerprints of the keys belonging to each
user. If someone wants to find the key for foo@debian.org they would start
by locating the fingerprint then going to the keyservers or to our
private key repository. Peruse http://db.debian.org/ for an example of how
a system like this works.

Using LDAP to store the actual keys is IMHO non-ideal because the LDAP
server cannot check validity of key data, or handle merging of signatures
or anything like that.

Jason
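
The lookup flow described in the message above, as an added example that is not part of the original post and is not the Debian system's code: a directory maps an address to fingerprints, and key data fetched from a separate store is accepted only if it hashes to the fingerprint the directory gave. It assumes version 4 OpenPGP keys; the dictionaries standing in for LDAP and the keyserver, the helper names, and the key material are constructed for illustration.

```python
import hashlib

def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit count, then the bytes."""
    bits = value.bit_length()
    return bits.to_bytes(2, "big") + value.to_bytes((bits + 7) // 8, "big")

def rsa_key_packet(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 RSA public-key packet (used here for sample data)."""
    return b"\x04" + created.to_bytes(4, "big") + b"\x01" + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, 2-byte body length, body (RFC 4880 section 12.2)."""
    if not body or body[0] != 4 or len(body) > 0xFFFF:
        raise ValueError("not a version 4 public-key packet body")
    framed = b"\x99" + len(body).to_bytes(2, "big") + body
    return hashlib.sha1(framed).hexdigest().upper()

def locate_keys(email, directory, key_store):
    """Directory supplies fingerprints; the store supplies key data, which is
    kept only when it hashes to the fingerprint that was asked for."""
    accepted, rejected = {}, []
    for fpr in directory.get(email, []):
        body = key_store.get(fpr)
        try:
            ok = body is not None and v4_fingerprint(body) == fpr
        except ValueError:
            ok = False
        if ok:
            accepted[fpr] = body
        else:
            rejected.append(fpr)
    return accepted, rejected

# Constructed sample data: the numbers are placeholders, not real RSA moduli.
KEY_A = rsa_key_packet(938000000, (1 << 1023) + 12345, 65537)
KEY_B = rsa_key_packet(938000001, (1 << 1023) + 67891, 65537)
ROGUE = rsa_key_packet(938000002, (1 << 1023) + 99999, 65537)
FPR_A, FPR_B = v4_fingerprint(KEY_A), v4_fingerprint(KEY_B)
DIRECTORY = {"foo@debian.org": [FPR_A, FPR_B]}   # stands in for LDAP
KEY_STORE = {FPR_A: KEY_A, FPR_B: ROGUE}         # store answers FPR_B with other key data

if __name__ == "__main__":
    good, bad = locate_keys("foo@debian.org", DIRECTORY, KEY_STORE)
    print("accepted:", list(good))
    print("rejected:", bad)
```

This covers only the binding between the directory's fingerprint and the fetched key data; checking and merging signatures remains the keyserver's job, as the message says.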