
List:       gnupg-devel
Subject:    Re: bugreport/feature request
From:       Jason Gunthorpe <jgg () gpu ! srv ! ualberta ! ca>
Date:       1999-10-04 20:51:06


> "Janusz A. Urbanowicz" <alex@poleczki.nc-virtual.pl> writes:

> I have a write up on some key server issues, but I have to rework it a
> bit.  The basic idea is to have a fast key storage and use some other
> directory service to locate a key by name or email address.  So LDAP
> could just map the name to a fingerprint and pgp can then look up the
> required public key data from a distributed keyserver system.  I think
> that it should be distributed (and not only replicated) because the
> keyserver should check signatures before merging them in and this
> takes a lot of time. 

This is exactly what I have implemented here. We have a central LDAP
directory that contains all the fingerprints of the keys belonging to each
user. If someone wants to find the key for foo@debian.org they would start
by locating the fingerprint then going to the keyservers or to our
private key repository. Peruse http://db.debian.org/ for an example of how
a system like this works.

Using LDAP to store the actual keys is IMHO non-ideal because the LDAP
server cannot check validity of key data, or handle merging of signatures
or anything like that.

Jason
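
[Added example, not part of the original message or of any project's code:
a sketch of the two-step lookup discussed in this thread, where a directory
maps an address to fingerprints and the key is then fetched from a keyserver
and accepted only if its recomputed OpenPGP v4 fingerprint matches. Plain
dicts stand in for the LDAP directory and the keyservers; all names,
addresses and key bytes are constructed for illustration.]

```python
import hashlib
import struct

def v4_fingerprint(body: bytes) -> str:
    """OpenPGP v4 fingerprint: SHA-1 over 0x99, 2-byte length, key packet body."""
    if not body or body[0] != 4:
        raise ValueError("not a version 4 public key packet body")
    if len(body) > 0xFFFF:
        raise ValueError("packet body too long for a 2-byte length")
    framed = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(framed).hexdigest().upper()

def make_body(created: int, material: bytes) -> bytes:
    # Constructed sample: version 4, creation time, algorithm id 1 (RSA),
    # then placeholder bytes where real MPIs would be.
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + material

ALICE = make_body(938000000, b"constructed-key-material-A")
MALLORY = make_body(938000001, b"constructed-key-material-M")

# Stand-in for the directory: address -> fingerprints (hypothetical data).
DIRECTORY = {"foo@example.org": [v4_fingerprint(ALICE)]}

# Stand-ins for keyservers: fingerprint -> key packet body.
HONEST_KEYSERVER = {v4_fingerprint(ALICE): ALICE}
TAMPERED_KEYSERVER = {v4_fingerprint(ALICE): MALLORY}  # wrong key under right index

def locate_key(email, directory, keyserver):
    """Resolve address -> fingerprint -> key, rejecting mismatched key data."""
    found = []
    for fpr in directory.get(email, []):
        body = keyserver.get(fpr)
        if body is None:
            continue  # this keyserver does not hold the key
        # The keyserver is untrusted storage: recompute the fingerprint and
        # compare it with the one the directory vouched for.
        if v4_fingerprint(body) != fpr:
            raise ValueError("keyserver returned a key that does not match " + fpr)
        found.append((fpr, body))
    return found

if __name__ == "__main__":
    for fpr, _ in locate_key("foo@example.org", DIRECTORY, HONEST_KEYSERVER):
        print("accepted", fpr)
    try:
        locate_key("foo@example.org", DIRECTORY, TAMPERED_KEYSERVER)
    except ValueError as exc:
        print("rejected:", exc)
```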
