Re: [cks-devl] Re: cks
From: David Shaw
Subject: Re: [cks-devl] Re: cks
Date: Fri, 14 Jun 2002 14:45:08 -0400
User-agent: Mutt/1.5.1i

On Fri, Jun 14, 2002 at 06:36:12PM +0000, M. Drew Streib wrote:
> On Fri, Jun 14, 2002 at 08:08:26PM +0200, Simon Josefsson wrote:
> > That, but also a kind of DNS "hosting" of OpenPGP keys.
>
> This has been discussed in the past before, but imo, it is tacking
> an existing system onto a cool, but inappropriate protocol.
>
> NAI had it right moving to LDAP, I think. This also has the advantage
> of an existing implementation, and servers that are ready to sync now.
> This supports push, pull, sync, failover, etc.
>
> As always, my personal preference for cks is to get it syncing with pgpnet
> first, with the Horowitz email sync protocol. This isn't the best solution,
> but in the practical world, it has to be done if we want to eventually
> move to a new sync method in the free software world.

One big advantage of DNS distribution of keys is that a negative
response is so lightweight. Werner and I were discussing how to
support automatic checks for key revocation when a signature is
verified. This sort of thing would be a heavy load on the current
HTTP or LDAP servers, but practically invisible to a DNS server.

David

--
David Shaw | address@hidden | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson