[gnutls-dev] OpenCDK comments

Timo Schulz twoaday at gmx.net
Mon Apr 23 19:13:54 CEST 2007

Simon Josefsson wrote:

> Having the GnuTLS library itself block and retrieve keys from a
> keyserver seems to be a non-starter for me.  GnuTLS might want to

Yes, I can see what you mean. I was not involved in build or
designing this API. Nikos just asked if I can provide a function
in opencdk to retrieve a key via HKP and I implemented it.

> provide an API to ask the application to "search" for keys, but I
> don't see any point in including this functionality.

Right now I don't know the internals of the GnuTLS code to say
anything about it. Maybe we can remove the callbacks without
breaking the code?

> keyserver retrieval of PGP keys?  That could use the OpenCDK keyserver
> support.

As you said, the opencdk keyserver support is very simple. I intended
it for a quick key retrieval and it will do the job.

> OTTH, I'd rather support the GnuPG key server infrastructure
> instead since it is more complete and tested (it supports DNS-based
> OpenPGP retrieval for example.. :)).

Yes, I agree with you. The GPG program has a lot of keyserver clients
(finger, hkp, http, dns, ldap) and the code is available for years and
extensively tested.


More information about the Gnutls-devel mailing list