Package: monkeysphere
Version: 0.44-1
Severity: wishlist

Given the ongoing troubles with OpenPGP certificate distribution (SKS certificate flooding, etc), it would be good to have a way to manually inject certificates that the monkeysphere-authentication subsystem could know about.
It would also be good to be able to discover OpenPGP certificates from user IDs based on alternate query approaches, like WKD, DANE/OPENPGPKEY, etc.

Currently, an administrator might do:

    monkeysphere-authentication gpg-cmd --import < /path/to/newcert.key

or

    monkeysphere-authentication gpg-cmd --locate-keys em...@example.org

But i'd really like to deprecate "monkeysphere-authentication gpg-cmd" in general (so that we can at some point implement monkeysphere without using gpg on the backend).

So that suggests that the local administrator who has some other means of certificate retrieval probably wants to be able to do:

    monkeysphere-authentication import < /path/to/newcert.key

And that "monkeysphere-authentication update-users" ought to do WKD and DANE lookups where possible when trying to discover new certificates.

This also means that it's likely that monkeysphere-authentication needs to think about how to refresh (for revocations, subkey updates) differently than it does for lookup by user ID.

With these fixes in place, monkeysphere should probably also focus on fetching refreshes from some stable, robust keyserver like hkps://keys.openpgp.org.

So this bug report is asking for all of these fixes in monkeysphere-authentication.

    --dkg