[gnutls-dev] OpenCDK comments
Timo Schulz
twoaday at gmx.net
Mon Apr 23 19:13:54 CEST 2007
Simon Josefsson wrote:
> Having the GnuTLS library itself block and retrieve keys from a
> keyserver seems to be a non-starter for me. GnuTLS might want to
Yes, I can see what you mean. I was not involved in build or
designing this API. Nikos just asked if I can provide a function
in opencdk to retrieve a key via HKP and I implemented it.
> provide an API to ask the application to "search" for keys, but I
> don't see any point in including this functionality.
Right now I don't know the internals of the GnuTLS code to say
anything about it. Maybe we can remove the callbacks without
breaking the code?
> keyserver retrieval of PGP keys? That could use the OpenCDK keyserver
> support.
As you said, the opencdk keyserver support is very simple. I intended
it for a quick key retrieval and it will do the job.
> OTTH, I'd rather support the GnuPG key server infrastructure
> instead since it is more complete and tested (it supports DNS-based
> OpenPGP retrieval for example.. :)).
Yes, I agree with you. The GPG program has a lot of keyserver clients
(finger, hkp, http, dns, ldap) and the code is available for years and
extensively tested.
Timo
More information about the Gnutls-devel
mailing list