sks-devel

Re: [Sks-devel] Long-form keyids and ocaml 4.02.3


From: Phil Pennock
Subject: Re: [Sks-devel] Long-form keyids and ocaml 4.02.3
Date: Sun, 4 Jun 2017 18:08:08 -0400

On 2017-06-04 at 17:41 +0200, Kristian Fiskerstrand wrote:
> Should be a pull request against the main repo for that. The
> build-cleaner patches are likely most interesting, and dkg has some work
> on it already.

Ah, didn't know we'd switched to a PR model.

https://bitbucket.org/skskeyserver/sks-keyserver/pull-requests/52/build-cleaner/diff

Once that's in, can look at the other.

>                The last time I looked into it a number of the issues
> we're seeing in build is related to cryptokit, and we likely should
> discuss whether it's time to dis-embed the library from the source (

No problems with cryptokit for me, using 1.7.  I see from Mercurial
commit-log that this doesn't build with older versions of OCaml.  It
looks like this comes down to being willing to specify which version
ranges of the OCaml releases we're supposed to work with.  How far back,
at what price?

> The 64 bit keyid references etc are not necessarily material, we use
> those for internal identifiers anyways but don't display it in the
> WebUI.

I know.  I needed the long form in the UI to be able to copy/paste data
for analysis and have a reasonable set of keyid specifiers to use.  The
UI is more than just "looks pretty" (or not).

So the patch is entirely about exposing the long-form to those using the
keyserver.  https://sks.spodhuis.org/ has this functionality, with the
HTML form on that page including the option to turn it on or off, so
people can decide if it seems useful.

>             People should download the public keyblocks and do their own
> operations on them given their own trustdb/wot calculation rather than
> relying on a third party that doesn't provide a security assertion to
> begin with.

When folks are deliberately colliding the short-form, it's useful to be
able to point others at listings which cover enough to look at, without
folks having to download and install tools locally.  It's not perfect,
sure, but when you look at:

  https://sks.spodhuis.org/pks/lookup?op=index&longkeyid=on&search=0x70096AD1
  https://sks.spodhuis.org/pks/lookup?op=index&longkeyid=on&search=0xC1DB921F

it's enough to tell them apart and determine what to call them to tell
them apart when discussing them.

It lets me point to the collisions and say "Look at these keys claiming
to belong to Gunnar Wolf; the 673 one claims to predate the 15F one, but
how do we know for sure?" and leads into a better discussion.

-Phil

Attachment: signature.asc
Description: Digital signature
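
The short-form collision check discussed in this message, as an added example that is not part of the original post or of SKS: it parses a keyserver index in the HKP machine-readable format (`op=index&options=mr`) and lists keys that share a 32-bit key ID alongside their 64-bit IDs. The sample listing, fingerprints, dates and user IDs are constructed, and the function names are hypothetical.

```python
from collections import defaultdict
from datetime import datetime, timezone
from urllib.parse import unquote

# Constructed sample of an HKP machine-readable index; every value is invented.
SAMPLE_MR = """\
info:1:3
pub:1111222233334444555566660123ABCD0A1B2C3D:1:4096:1401840000::
uid:Alice Example <alice@example.org>:1401840000::
pub:9999888877776666555544449876FEDC0A1B2C3D:1:4096:1243987200::
uid:Alice Example <alice@example.org>:1243987200::
pub:AAAABBBBCCCCDDDDEEEEFFFF0000111122223333:1:2048:1496592000::
uid:Bob Example <bob@example.org>:1496592000::
"""

def parse_mr_index(text):
    """Return one dict per 'pub' record: short/long key ID, creation date, uids."""
    keys = []
    for line in text.splitlines():
        fields = line.split(":")  # colons inside uids are percent-escaped
        if fields[0] == "pub" and len(fields) > 1:
            keyid = fields[1].upper()
            created = fields[4] if len(fields) > 4 and fields[4] else None
            keys.append({
                "short": keyid[-8:],
                # A v4 key ID is the low 64 bits of the fingerprint.
                "long": keyid[-16:] if len(keyid) >= 16 else None,
                "created": (datetime.fromtimestamp(int(created), timezone.utc)
                            .date().isoformat() if created else None),
                "uids": [],
            })
        elif fields[0] == "uid" and keys and len(fields) > 1:
            keys[-1]["uids"].append(unquote(fields[1]))
    return keys

def short_id_collisions(keys):
    """Map each short key ID claimed by more than one distinct long key ID."""
    by_short = defaultdict(list)
    for k in keys:
        by_short[k["short"]].append(k)
    return {s: sorted(g, key=lambda k: k["created"] or "")
            for s, g in by_short.items()
            if len({k["long"] for k in g}) > 1}

if __name__ == "__main__":
    for short, group in short_id_collisions(parse_mr_index(SAMPLE_MR)).items():
        print(f"short key ID 0x{short} is shared by {len(group)} keys:")
        for k in group:
            # The creation date is whatever the key's creator put in the key.
            print(f"  0x{k['long']}  created {k['created']}  {'; '.join(k['uids'])}")
```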

