[gnutls-dev] OpenCDK comments

Simon Josefsson simon at josefsson.org
Mon Apr 23 18:39:23 CEST 2007

Timo Schulz <twoaday at gmx.net> writes:

> Simon Josefsson wrote:
>> No, it shouldn't be.  Perhaps the copy of OpenCDK inside GnuTLS can be
>> made smaller, without e.g. the keyserver files, because those have
>> caused compilation problems in the past.  I'll look into that.
> I forgot to mention that right now there is a callback which uses
> the keyserver code. Probably it would be the best idea to remove
> them first. I'm not sure if 'auto' key retrieval is a general feature in
> GnuTLS so the code must be probably changed at a higher level.

Having the GnuTLS library itself block and retrieve keys from a
keyserver seems to be a non-starter for me.  GnuTLS might want to
provide an API to ask the application to "search" for keys, but I
don't see any point in including this functionality.

OTOH, possibly gnutls-cli or gnutls-serv could be enhanced to support
keyserver retrieval of PGP keys?  That could use the OpenCDK keyserver
support.  OTTH, I'd rather support the GnuPG key server infrastructure
instead since it is more complete and tested (it supports DNS-based
OpenPGP retrieval for example.. :)).


More information about the Gnutls-devel mailing list