sks-devel

Re: [Sks-devel] LDAP back-end


From: David Shaw
Subject: Re: [Sks-devel] LDAP back-end
Date: Sun, 20 Jun 2010 16:59:50 -0400

On Jun 20, 2010, at 3:48 PM, Joseph Oreste Bruni wrote:

> GnuPG supports an LDAP interface directly without needing to use SKS. If you 
> are using OpenLDAP the schema extensions can be found easily enough. I did 
> this for a small, private key server in my company for a while until my needs 
> outgrew an LDAP implementation.
> 
> The downside of using LDAP for a keyserver is that values are replaced rather 
> than merged as is preferred by the nature of signatures. A key signed by you 
> will be overwritten by the same key signed by me if I don't first take care 
> to update my copy of the key with the keyserver version, resulting in 
> lost signatures, preferences and other changes.

Note that LDAP==non-merging, PKS==merging is just an accident of history.  
GnuPG doesn't particularly care if a keyserver is merging or not, as it is not 
dependent on the protocol, and in fact the original LDAP server was a merging 
keyserver.  If you wrote an LDAP handler for SKS, it would be a merging 
keyserver just like SKS using the PKS handler is.

David
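The failure mode Joseph describes and the distinction David draws (replace-on-write versus merge-on-write is a property of the back-end's store logic, not of the access protocol) can be shown with a small model. The following is an added illustration, not code from SKS, GnuPG or anyone on this thread. It models a key as a fingerprint plus sets of user IDs and certification signatures; the fingerprints, user IDs and signer names are constructed. Real OpenPGP keys are packet sequences and a real merge works at the packet level, but the union-versus-overwrite behaviour is the same.

```python
"""Toy keyserver stores: one replaces a stored entry on upload, one merges.

Added example. All key material below is constructed for illustration;
nothing here parses real OpenPGP data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    """A certification: `signer` (a fingerprint) vouches for `target_uid`."""
    signer: str
    target_uid: str


@dataclass(frozen=True)
class Key:
    fingerprint: str
    uids: frozenset          # user IDs on the key
    sigs: frozenset          # Signature objects attached to the key


class ReplacingStore:
    """Models an attribute-replacing back-end: the uploaded value wins."""

    def __init__(self):
        self._db = {}

    def upload(self, key: Key) -> None:
        self._db[key.fingerprint] = key

    def get(self, fingerprint: str):
        return self._db.get(fingerprint)


class MergingStore:
    """Models a merging keyserver: uploads are unioned with the stored copy."""

    def __init__(self):
        self._db = {}

    def upload(self, key: Key) -> None:
        current = self._db.get(key.fingerprint)
        if current is None:
            self._db[key.fingerprint] = key
            return
        # Union of user IDs and signatures; nothing already stored is lost.
        self._db[key.fingerprint] = Key(
            key.fingerprint,
            current.uids | key.uids,
            current.sigs | key.sigs,
        )

    def get(self, fingerprint: str):
        return self._db.get(fingerprint)


def simulate_two_signers(store_cls) -> set:
    """Two people each sign the same key, starting from the original copy,
    and upload without first refreshing from the server. Returns the set of
    signers whose certifications survive on the stored key."""
    store = store_cls()
    uid = "Alice <alice@example.invalid>"          # constructed user ID
    base = Key(
        "FPR_ALICE",                                # constructed fingerprint
        frozenset({uid}),
        frozenset({Signature("FPR_ALICE", uid)}),  # self-signature
    )
    store.upload(base)

    # Bob and Carol both certify Alice's key from the original copy.
    signed_by_bob = Key(base.fingerprint, base.uids,
                        base.sigs | {Signature("FPR_BOB", uid)})
    signed_by_carol = Key(base.fingerprint, base.uids,
                          base.sigs | {Signature("FPR_CAROL", uid)})
    store.upload(signed_by_bob)
    store.upload(signed_by_carol)   # with a replacing store, Bob's sig is gone

    return {s.signer for s in store.get(base.fingerprint).sigs}


if __name__ == "__main__":
    print("replacing:", sorted(simulate_two_signers(ReplacingStore)))
    print("merging:  ", sorted(simulate_two_signers(MergingStore)))
```

The replacing store keeps only the last uploader's view of the key, so Bob's certification is silently dropped; the merging store keeps both. The protocol used to reach the store never enters into it, which is David's point: an LDAP front-end on top of merging store logic would behave like `MergingStore`.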



