Re: [Sks-devel] APG
From: Jeff Johnson
Subject: Re: [Sks-devel] APG
Date: Thu, 01 Jul 2010 23:36:08 -0400

On Jul 1, 2010, at 10:55 PM, John Clizbe wrote:
>
> as well as http://ietfreport.isoc.org/idref/draft-shaw-openpgp-hkp/
>
Which reminds me ...
There are _LOTS_ of advantages to hkp:// lookup through
SKS keyservers: easy to implement, reliable and portable,
latency measured in minutes, all astonishingly wonderful.
But there are a few negatives with hkp:// used for certificate
retrieval too.
1) no means to filter pubkeys. Some pubkeys are getting quite
large, approaching 100's of Kb. E.g. here's two fingerprints
I routinely use for retrieval testing (because the pubkeys
are huge:)
0xD5CA9B04F2C423BC
0xc2b079fcf5c75256
2) hkp:// pre-dates HTTP 1.1 and persistent connections.
The persistence would be useful for validating the certificate.
Alternatively, some means in the hkp:// query to batch
retrieve not only a designated pubkey, but also
pubkeys that have signed the designated pubkey.
Both of the above issues could be addressed by extending
the hkp:// query syntax a bit to include more sophisticated
queries.
73 de Jeff
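
Added example (not part of the original message, and not SKS or GnuPG code): since the hkp:// query described in draft-shaw-openpgp-hkp has no way to filter or bound the returned pubkey, a client can only protect itself by capping what it reads. The host keyserver.example, the 64 KiB cap and the function names are assumptions made for this sketch; the key ID is one of the two quoted in the message.

```python
import io
import re
from urllib.parse import urlencode

HKP_PORT = 11371            # default HKP port in draft-shaw-openpgp-hkp
MAX_KEY_BYTES = 64 * 1024   # assumed client-side cap, not a protocol value

# 8/16 hex digits = short/long key ID, 32/40 = v3/v4 fingerprint
_KEYID_RE = re.compile(
    r"^(?:0x)?([0-9A-Fa-f]{8}|[0-9A-Fa-f]{16}|[0-9A-Fa-f]{32}|[0-9A-Fa-f]{40})$")


class KeyTooLarge(Exception):
    """The keyserver response exceeded the client-side size cap."""


def hkp_get_url(host, key_id, port=HKP_PORT):
    """Build an HKP 'get' lookup URL; reject anything that is not a hex ID."""
    m = _KEYID_RE.match(key_id)
    if not m:
        raise ValueError("not a hex key ID or fingerprint: %r" % (key_id,))
    query = urlencode({"op": "get", "options": "mr",
                       "search": "0x" + m.group(1).upper()})
    return "http://%s:%d/pks/lookup?%s" % (host, port, query)


def read_capped(stream, limit=MAX_KEY_BYTES, chunk=4096):
    """Read a response body in chunks, aborting once it exceeds `limit`."""
    buf = bytearray()
    while True:
        data = stream.read(chunk)
        if not data:
            return bytes(buf)
        buf += data
        if len(buf) > limit:
            raise KeyTooLarge("response exceeds %d bytes" % limit)


if __name__ == "__main__":
    print(hkp_get_url("keyserver.example", "0xD5CA9B04F2C423BC"))
    # Constructed stand-in for a several-hundred-KB pubkey response.
    oversized = io.BytesIO(b"A" * (300 * 1024))
    try:
        read_capped(oversized)
    except KeyTooLarge as exc:
        print("rejected:", exc)
```

With a real connection, the response object returned by urllib.request.urlopen() can be passed to read_capped() directly, since it exposes the same read() interface.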