On Sunday 04 September 2005 11:31 pm, Cameron Metzke wrote:
> Basically what I'm trying to do is build a php frontend to gnupg which
> can act like a keyserver.

But then keyservers don't delete keys - expired or not. Think about it, when I use a keyserver, I still want to be able to retrieve an expired key - so that I can KNOW it's expired! It's even more important with revoked - simply saying the key isn't listed does NOT protect me from an attacker using a compromised (and revoked) key!

There are established protocols and packages for running keyservers - expired and revoked keys should be retained.

If you really just mean, as I've done, that you want a PHP/Perl web interface to a small group of users' keys, then use gnupg and don't set any keys to ultimate trust - then there is never any trust to check. Put some other authentication in the web site and you could consider using a trust always model that allows you to encrypt to any key in the local keyring.

Use gnupg on the box and something like GnuPG::Interface in Perl to handle the key selection and updates and take your updates from *public* keyservers that can be relied upon to give you complete and up to date information.

-- 
Neil Williams
=============
http://www.data-freedom.org/
http://www.nosoftwarepatents.com/
http://www.linux.codehelp.co.uk/
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
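The reply's point that revoked and expired keys should stay listed with their status, shown as an added example that is not part of the original message: a small key-selection helper for such a frontend. It assumes the colon-delimited listing printed by `gpg --with-colons --list-keys`; the function names and the sample listing are constructed for illustration.

```python
import time

# Validity codes from field 2 of a "pub" record that make a key unusable.
UNUSABLE = {"r": "revoked", "e": "expired", "d": "disabled", "i": "invalid"}

# Constructed sample listing; key IDs, hashes and user IDs are made up.
SAMPLE = """\
tru::1:1125800000:0:3:1:5
pub:-:1024:17:0000000000000001:1104537600:::-:::scESC:
uid:-::::1104537600::HASH1::Alice Example <alice@example.org>:
sub:-:2048:16:00000000000000B1:1104537600::::::e:
pub:r:1024:17:0000000000000002:1072915200:::-:::sc:
uid:r::::1072915200::HASH2::Bob Example <bob@example.org>:
pub:e:1024:17:0000000000000003:1041379200:1104537600::-:::sc:
uid:e::::1041379200::HASH3::Carol Example <carol@example.org>:
pub:-:1024:17:0000000000000004:1104537600:1120000000::-:::scESC:
uid:-::::1104537600::HASH4::Dave Example <dave@example.org>:
"""


def classify_keys(listing, now=None):
    """Return {keyid: (status, uid)} for every pub record; nothing is dropped."""
    now = int(time.time()) if now is None else now
    keys, current = {}, None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub" and len(f) >= 12:
            status = UNUSABLE.get(f[1], "usable")
            # A cached listing can be stale, so check the expiry field too.
            if status == "usable" and f[6].isdigit() and int(f[6]) <= now:
                status = "expired"
            if status == "usable" and "D" in f[11]:
                status = "disabled"
            current = f[4]
            keys[current] = (status, f[9])
        elif f[0] == "uid" and current and len(f) >= 10 and not keys[current][1]:
            keys[current] = (keys[current][0], f[9])  # first uid listed
    return keys


def recipients(listing, now=None):
    """Key IDs the frontend may encrypt to; the rest stay visible with status."""
    return [k for k, (s, _) in classify_keys(listing, now).items() if s == "usable"]


if __name__ == "__main__":
    for keyid, (status, uid) in classify_keys(SAMPLE, now=1125800000).items():
        print(keyid, status, uid)
```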