Package: monkeysphere
Version: 0.44-1
Severity: wishlist

Given the ongoing troubles with OpenPGP certificate distribution (SKS
certificate flooding, etc.), it would be good to have a way to manually
inject certificates that the monkeysphere-authentication subsystem could
know about.

It would also be good to be able to discover OpenPGP certificates from
user IDs based on alternate query approaches, like WKD, DANE/OPENPGPKEY,
etc.

Currently, an administrator might do:

    monkeysphere-authentication gpg-cmd --import < /path/to/newcert.key

or

    monkeysphere-authentication gpg-cmd --locate-keys em...@example.org

But I'd really like to deprecate "monkeysphere-authentication gpg-cmd"
in general (so that we can at some point implement monkeysphere without
using gpg on the backend).

So that suggests that the local administrator who has some other means
of certificate retrieval probably wants to be able to do:

    monkeysphere-authentication import < /path/to/newcert.key

And that "monkeysphere-authentication update-users" ought to do WKD and
DANE lookups where possible when trying to discover new certificates.

This also means that it's likely that monkeysphere-authentication needs
to think about how to refresh (for revocations, subkey updates)
differently than it does for lookup by user ID.

With these fixes in place, monkeysphere should probably also focus on
fetching refreshes from some stable, robust keyserver like
hkps://keys.openpgp.org.

So this bug report is asking for all of these fixes in
monkeysphere-authentication.

      --dkg
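
As an added illustration (not part of the original report, and not monkeysphere code): the sketch below maps the e-mail address in a user ID to the WKD URLs and the DANE OPENPGPKEY DNS owner name that the discovery step requested above for update-users would have to query. The function names are hypothetical, and the mappings follow the WKD Internet-Draft and RFC 7929 as I understand them.

```python
# Added example: where WKD and DANE/OPENPGPKEY lookups for a user ID would go.
# Function names are hypothetical; nothing here touches the network.
import hashlib
import unicodedata
from urllib.parse import quote

ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"


def split_address(addr):
    """Split an addr-spec at the last '@'; reject anything malformed."""
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an e-mail address: {addr!r}")
    return local, domain.lower()


def zbase32(data):
    """z-base-32 encode; the input must be a whole number of 5-bit groups."""
    bits = len(data) * 8
    if bits % 5:
        raise ValueError("length is not a multiple of 5 bits")
    n = int.from_bytes(data, "big")
    return "".join(ZBASE32[(n >> s) & 31] for s in range(bits - 5, -1, -5))


def wkd_urls(addr):
    """Return the (advanced, direct) WKD URLs for an address."""
    local, domain = split_address(addr)
    # WKD lowercases only ASCII letters of the local part, then takes SHA-1.
    folded = "".join(c.lower() if c.isascii() else c for c in local)
    digest = hashlib.sha1(folded.encode("utf-8")).digest()
    tail = f"hu/{zbase32(digest)}?l={quote(local, safe='')}"
    return (
        f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}/{tail}",
        f"https://{domain}/.well-known/openpgpkey/{tail}",
    )


def dane_owner_name(addr):
    """Return the DNS name that would hold the OPENPGPKEY record."""
    local, domain = split_address(addr)
    # RFC 7929: SHA2-256 of the NFC-normalized local part, cut to 28 octets.
    local = unicodedata.normalize("NFC", local)
    label = hashlib.sha256(local.encode("utf-8")).hexdigest()[:56]
    return f"{label}._openpgpkey.{domain}"


if __name__ == "__main__":
    addr = "alice@example.org"  # constructed sample address
    print(*wkd_urls(addr), dane_owner_name(addr), sep="\n")
```

Both mappings depend only on the address, so a certificate found this way still has to be checked for a matching, valid user ID before it is trusted for authentication.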
