-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Neil Williams wrote: > On Sunday 04 September 2005 11:31 pm, Cameron Metzke wrote: > >>Basically what im trying to do is build a php frontend to gnupg which >>can act like a keyserver. > > > But then keyservers don't delete keys - expired or not. > > Think about it, when I use a keyserver, I still want to be able to retrieve > an > expired key - so that I can KNOW it's expired! > > It's even more important with revoked - simply saying the key isn't listed > does NOT protect me from an attacker using a compromised (and revoked) key! > > There are established protocols and packages for running keyservers - expired > and revoked keys should be retained. > > If you really just mean, as I've done, that you want a PHP/Perl web interface > to a small group of users' keys then use gnupg and don't set any keys to > ultimate trust - then there is never any trust to check. Put some other > authentication in the web site and you could consider using a trust always > model that allows you to encrypt to any key in the local keyring. Use gnupg > on the box and something like GnuPG::Interface in Perl to handle the key > selection and updates and take your updates from *public* keyservers that can > be relied upon to give you complete and up to date information. >
Yep your dead right, In essence the frontend im scripting up, is for my own learning curve. It has allowed me to pull apart many aspects of gpg that i would not normally touch on. I doubt there will ever be a production version of it, as it would be like reinventing the wheel. But it does allow me to learn exactly how to incorporate gpg into regular php applications that i would like to have this feature. Thanks for all your input, it has been a great help :) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) iD8DBQFDG41/iJKCWGgxIoARAi38AJ48Tui4zBX4q2oqmmlsL2LOcI//4gCfSrZt q/JQP6OfB7K74fEs7hAL2Rg= =c1Pa -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
