sks-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] APG

From: Jeff Johnson
Subject: Re: [Sks-devel] APG
Date: Thu, 01 Jul 2010 23:36:08 -0400 
On Jul 1, 2010, at 10:55 PM, John Clizbe wrote:
> 
> as well as http://ietfreport.isoc.org/idref/draft-shaw-openpgp-hkp/
> 


Which reminds me ...

There are _LOTS_ of advantages to hkp:// lookup through
SKS keyserers: easy to implement, reliable and portable,
latency measured in minutes, all astonishingly wonderful.

But there's a few negatives with hkp:// used for certificate
retrieval too.

1) no means to filter pubkeys. Some pubkeys are getting quite 
large, approaching 100's of Kb. E.g. here's two fingerprints
I routinely use for retrieval testing (because the pubkeys
are huge:)
        0xD5CA9B04F2C423BC
        0xc2b079fcf5c75256

2) hkp:/// pre-dates HTTP 1.1 and persistent connections.
The persistence would be useful for validating the certificate.
Alternatively, some means in the hkp:// query to batch
retrieve sont only a designated pubkey, but also
pubkeys that have signed the designated pubkey.

Both of the above issues could be addressed by extending
the hkp:// query syntax a bit to include more sophisticated
queries.

73 de Jeff
reply via email to
[Prev in Thread] Current Thread [Next in Thread]