sks-devel

Re: [Sks-devel] Protocol Details for HKP\HKPS\Gossip


From: Kristian Fiskerstrand
Subject: Re: [Sks-devel] Protocol Details for HKP\HKPS\Gossip
Date: Sun, 09 Feb 2014 20:08:41 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 02/09/2014 07:00 PM, Benny Baumann wrote:
> Hi folks,
> 
Hi Benny,


> because I know this might get a bit complicated let's split this in
> 3 parts:
> 
> 1. HKP: AFAIK this is based on HTTP/1.0, but is there any
> documentation on what possible calls could arrive at the server (in
> the logs I noticed /pks/lookup, /pks/hashquery and /pks/add), but
> it's somehow a bit troublesome to re-engineer the whole API when
> one was going to write some own frontend or caching interface. How
> accurate is the description[1] linked at [2]?

The protocol description should be fairly accurate, although some
additional parameters might have been added since. In particular I'm
using /pks/lookup?op=stats to determine inclusion into the pool, which
isn't documented. I'm doing this by parsing the HTML, so any deviation
from SKS would make this difficult, although I'm open to adding e.g. a
json alternative e.g. at ?op=stats&options=json. I'd then check for an
expected format or do a fallback to the usual HTML parsing for these
servers.

> 
> 2. HKPS: Any difference from HKP aside from tunneling by SSL and
> the pinning of the CA of the certificate?

Indeed only TLS-layered HKP. As for the actual implementation in my
pools, see [0].

> 
> 3. Gossip: Is there some documentation of the binary gossip
> protocol? Having a rough look at the TCP dump I made for testing
> this looks like the OpenPGP data is sent in the clear, but
> unfortunately I didn't manage to get any more out of the dump. But
> given only the algorithmic description [3],[4] it's not quite
> feasible to come up with a complying implementation.
> 

I can only recommend looking into SKS's implementation of this. In
addition you might want to look into Hockeypuck, see e.g. the thread
at [1] as I understand Casey et al. are also working on an alternative
implementation.

References:
[0] https://sks-keyservers.net/overview-of-pools.php#pool_hkps
[1] http://lists.nongnu.org/archive/html/sks-devel/2012-11/msg00037.html

- -- 
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Docendo discimus
We learn by teaching
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
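
As an added example (not part of the original message, and not code from SKS or sks-keyservers.net), here is one way a pool monitor could implement the check-then-fallback parsing of a `/pks/lookup?op=stats` response described above. The JSON key names, the label/value table layout of the HTML, the required fields and both sample bodies are assumptions constructed for illustration.

```python
import json
from html.parser import HTMLParser

MAX_BODY = 1 << 20                  # cap input from untrusted pool members
REQUIRED = ("hostname", "version")  # assumed fields the monitor relies on
# Constructed sample bodies (assumed formats, not captured from a real server).
SAMPLE_JSON = '{"Hostname": "keys.example.org", "Version": "1.1.4"}'
SAMPLE_HTML = ('<table><tr><td>Hostname:</td><td>keys.example.org</td></tr>'
               '<tr><td>Version:</td><td>1.1.4</td></tr></table>')


class _CellCollector(HTMLParser):
    """Collect the text of every <td> cell, in document order."""

    def __init__(self):
        super().__init__()
        self.cells, self._in_td = [], False

    def handle_starttag(self, tag, attrs):
        if tag == "td":
            self._in_td = True
            self.cells.append("")

    def handle_endtag(self, tag):
        self._in_td = self._in_td and tag != "td"

    def handle_data(self, data):
        if self._in_td:
            self.cells[-1] += data


def parse_stats(body: str) -> dict:
    """Return lower-cased stats fields; values are self-reported, so untrusted."""
    if len(body) > MAX_BODY:
        raise ValueError("stats body too large")
    try:
        doc = json.loads(body)
        if not isinstance(doc, dict):
            raise ValueError("JSON stats is not an object")
        fields = {str(k).lower(): str(v) for k, v in doc.items()
                  if isinstance(v, (str, int))}
    except json.JSONDecodeError:
        # Fallback: a "Label:" cell is followed by the cell holding its value.
        parser = _CellCollector()
        parser.feed(body)
        cells = [c.strip() for c in parser.cells]
        fields = {k.rstrip(":").lower(): v
                  for k, v in zip(cells, cells[1:]) if k.endswith(":")}
    if any(not fields.get(f) for f in REQUIRED):
        raise ValueError("stats response lacks a required field")
    return fields
```

A server whose response parses as neither format raises `ValueError`, which the caller can treat as a failed pool-inclusion check rather than guessing at missing values.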


