[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
The new (GPG/PGP)-LDAP interface
Hi
here is my idea on getting LDAP interface into GPG
/------------ LDAP ------------ Directory (search path)
gpgClient |
\- LDAP -tmpdir-ldap- KeyMaintAPP - LDAP (key
maintance path)
this is where for key maintance, a temp add is done to create a new
entry. The
KeyMaintApp reads this information, decode and proccesses it then asds
it into the
normal key Directory.
but gpg uses the normal LDAP search to access information.
The tmpdir is not seperate from 'the directory' but just a different
objectclass
gpgClient <--> LDAP <--- Directory.oc1 <--- LDAP <--> KeyMaintApp
|-----> Directory.oc2 ----->|
The good thing about this idea is The KeyMaintApp requires Authoriztion
to access the directory. The means attacks on the database is low. The
only attack is Dos by filling the oc2 with junk. The KeyMaintApp will
filter out bad keymaint packet
the keymaint packet would have
DN: seq=xxxx,id=XXXXXXXXXXXXXXXX,$(basekeymaint)
objectclass: keyMaint
function: NEWKEY|ADDSIG|DISABL|ENABLE|REVOKE|.....
pgpData: The normal pgp key packet
the ID in the DN is the signature ID of the pgp/gpg armor encoded packet
the KeyAuthApp would then read this packet parse the pgpData into a
normal LDAP directory packet and update "the Directory"
In order to make it semi compatable with pgp the first ldap request is
for pgpServerInfo. Here the information returned will allow gpg to
determine hhow to continue. The existing pgp keyserver does not return a
attribute 'baseKeyMaint' this one will.
The only issue here is when should the KeyMaintApp run? Does it poll
the directory?
should an "add" trigger a external event?
This just an idea of the day
Shaun Savage