[gnutls-dev] OpenCDK comments

Simon Josefsson simon at josefsson.org
Mon Apr 23 19:57:07 CEST 2007


Timo Schulz <twoaday at gmx.net> writes:

> Simon Josefsson wrote:
>
>> Having the GnuTLS library itself block and retrieve keys from a
>> keyserver seems to be a non-starter for me.  GnuTLS might want to
>
> Yes, I can see what you mean. I was not involved in build or
> designing this API. Nikos just asked if I can provide a function
> in opencdk to retrieve a key via HKP and I implemented it.
>
>
>> provide an API to ask the application to "search" for keys, but I
>> don't see any point in including this functionality.
>
> Right now I don't know the internals of the GnuTLS code to say
> anything about it. Maybe we can remove the callbacks without
> breaking the code?

Hm.  Does GnuTLS currently use the keyserver stuff?!  I wonder how it
handles the blocking problem.

>> keyserver retrieval of PGP keys?  That could use the OpenCDK keyserver
>> support.
>
> As you said, the opencdk keyserver support is very simple. I intended
> it for a quick key retrieval and it will do the job.

Yup.

>> OTOH, I'd rather support the GnuPG key server infrastructure
>> instead since it is more complete and tested (it supports DNS-based
>> OpenPGP retrieval for example.. :)).
>
> Yes, I agree with you. The GPG program has a lot of keyserver clients
> (finger, hkp, http, dns, ldap) and the code is available for years and
> extensively tested.

Perhaps OpenCDK could use that infrastructure directly instead?
However, I think there are more important things to fix related to
OpenPGP than this.  I don't know if downloading keys from a keyserver
is something that typical OpenPGP clients or servers would actually be
doing.

/Simon
