
Re: [Sks-devel] LDAP back-end


From: Joseph Oreste Bruni
Subject: Re: [Sks-devel] LDAP back-end
Date: Sun, 20 Jun 2010 12:48:19 -0700

GnuPG supports an LDAP interface directly without needing to use SKS. If you are using OpenLDAP the schema extensions can be found easily enough. I did this for a small, private key server in my company for a while until my needs outgrew an LDAP implementation.

The downside of using LDAP for a keyserver is that values are replaced rather than merged as is preferred by the nature of signatures. A key signed by you will be overwritten by the same key signed by me if I first don't take care to update my copy of the key with the keyserver version first, resulting in lost signatures, preferences and other changes.

BerkeleyDB is nice (it is very fast) but does have its quirks. Perhaps you could spend that energy redoing the backend using SQLite instead of LDAP. I don't know if anyone has provided language bindings for SQLite in OCaml, though.

Joe

Sent from my iPhone

On Jun 20, 2010, at 11:26 AM, "C.J. Adams-Collier" <address@hidden> wrote:

Hey folks,

I'm setting up a CA, and I plan to keep the certs on an LDAP server.
I've been looking around for a PGP keyserver, and it looks like SKS is
the most well-maintained system available.

I've written a bit of code here and there, and I can probably implement
an LDAP back-end if it has not yet been implemented.  I haven't read
through the codebase yet, so I will go do that here when I have some
free time.

If such a feature is already implemented (or being implemented), could
someone bring me up to date?

Thanks in advance,

C.J.

_______________________________________________
Sks-devel mailing list
address@hidden
http://lists.nongnu.org/mailman/listinfo/sks-devel
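The replace-versus-merge behaviour described in the reply above, as an added example that is not part of the original thread and is not SKS or GnuPG code. It is a constructed model: a key is a placeholder fingerprint plus a set of signer names, and `ReplaceStore`, `MergeStore` and `refresh_then_upload` are hypothetical names standing in for an LDAP-style store, a merging keyserver, and the "update my copy first" workaround.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Key:
    fingerprint: str                      # constructed placeholder, not a real key
    signatures: frozenset = field(default_factory=frozenset)

    def signed_by(self, signer: str) -> "Key":
        return Key(self.fingerprint, self.signatures | {signer})


def merge(a: Key, b: Key) -> Key:
    """Union the signature sets of two copies of the same key."""
    if a.fingerprint != b.fingerprint:
        raise ValueError("cannot merge different keys")
    return Key(a.fingerprint, a.signatures | b.signatures)


class ReplaceStore:
    """Attribute-replace semantics: the last upload wins."""
    def __init__(self):
        self.keys = {}

    def upload(self, key: Key) -> None:
        self.keys[key.fingerprint] = key


class MergeStore(ReplaceStore):
    """Merging semantics: an upload is folded into the stored copy."""
    def upload(self, key: Key) -> None:
        stored = self.keys.get(key.fingerprint)
        self.keys[key.fingerprint] = merge(stored, key) if stored else key


def refresh_then_upload(store: ReplaceStore, local: Key) -> None:
    """Client-side workaround: pull the server copy, merge locally, upload."""
    stored = store.keys.get(local.fingerprint)
    store.upload(merge(stored, local) if stored else local)


def run(store, careful: bool = False) -> frozenset:
    """Two people sign the same key and upload their own copies in turn."""
    base = Key("FPR-PLACEHOLDER")
    yours, mine = base.signed_by("you"), base.signed_by("me")
    store.upload(yours)
    if careful:
        refresh_then_upload(store, mine)
    else:
        store.upload(mine)
    return store.keys[base.fingerprint].signatures
```

With the replacing store the first signer's certification is gone after the second upload unless the second uploader refreshes first; the refresh is not atomic, so an upload that lands between the fetch and the write can still be lost.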


