Re: [Sks-devel] LDAP back-end

From: David Shaw
Subject: Re: [Sks-devel] LDAP back-end
Date: Sun, 20 Jun 2010 16:59:50 -0400
On Jun 20, 2010, at 3:48 PM, Joseph Oreste Bruni wrote:
> GnuPG supports an LDAP interface directly without needing to use SKS. If you
> are using OpenLDAP the schema extensions can be found easily enough. I did
> this for a small, private key server in my company for a while until my needs
> outgrew an LDAP implementation.
>
> The downside of using LDAP for a keyserver is that values are replaced rather
> than merged, as is preferred by the nature of signatures. A key signed by you
> will be overwritten by the same key signed by me if I don't first take care
> to update my copy of the key with the keyserver version, resulting in
> lost signatures, preferences and other changes.
Note that LDAP==non-merging, PKS==merging is just an accident of history.
GnuPG doesn't particularly care if a keyserver is merging or not, as it is not
dependent on the protocol, and in fact the original LDAP server was a merging
keyserver. If you wrote an LDAP handler for SKS, it would be a merging
keyserver just like SKS using the PKS handler is.
David
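As an added illustration of the replace-versus-merge distinction discussed in this thread (example code written for this page, not code from SKS, GnuPG or either poster), the following models a key as a set of certification packets and shows which certifications an upload discards under each policy, and how refreshing the local copy from the server before uploading avoids the loss under replace semantics. Key IDs, user IDs and the fingerprint are constructed sample values.

```python
# Added example: "replace" stands in for LDAP attribute semantics,
# "merge" for PKS/SKS semantics.  Keys are reduced to a fingerprint plus
# a set of certification packets; all identifiers below are constructed.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Sig:
    """A certification on a user ID, identified by signer and signed UID."""
    issuer: str  # long key ID of the signer (constructed sample value)
    uid: str     # user ID the certification applies to


@dataclass
class Key:
    fingerprint: str
    sigs: set[Sig] = field(default_factory=set)


def _check_same_key(stored: Key, uploaded: Key) -> None:
    if stored.fingerprint != uploaded.fingerprint:
        raise ValueError("upload does not belong to the stored key")


def replace(stored: Key, uploaded: Key) -> Key:
    """LDAP-style store: the uploaded value overwrites the stored entry."""
    _check_same_key(stored, uploaded)
    return Key(stored.fingerprint, set(uploaded.sigs))


def merge(stored: Key, uploaded: Key) -> Key:
    """PKS/SKS-style store: packets are unioned, nothing already held is dropped."""
    _check_same_key(stored, uploaded)
    return Key(stored.fingerprint, stored.sigs | uploaded.sigs)


def lost_sigs(policy, stored: Key, uploaded: Key) -> set[Sig]:
    """Certifications held by the server that applying `policy` would discard."""
    return stored.sigs - policy(stored, uploaded).sigs


# Constructed scenario from the thread: the server holds the key with a
# certification from "you"; I certify my own stale copy and upload it.
FPR = "0123456789ABCDEF0123456789ABCDEF01234567"  # constructed fingerprint
SELF = Sig("0x1111111111111111", "alice@example.org")   # self-signature
YOURS = Sig("0xAAAAAAAAAAAAAAAA", "alice@example.org")  # your certification
MINE = Sig("0xBBBBBBBBBBBBBBBB", "alice@example.org")   # my certification
SERVER_COPY = Key(FPR, {SELF, YOURS})
MY_STALE_COPY = Key(FPR, {SELF, MINE})
# Client-side mitigation: refresh from the server before uploading.
MY_REFRESHED_COPY = merge(MY_STALE_COPY, SERVER_COPY)
```

Calling `lost_sigs(replace, SERVER_COPY, MY_STALE_COPY)` returns your certification as lost, while the merge policy and the refreshed upload both return an empty set.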