On Mon, 20 Feb 2006, David Shaw wrote:

> LDAP had TLS support back in 1.3.5. HTTP and FTP just got TLS support
> in 1.4.3. At one point, I started documenting the new options and
> stopped because the man page would be enormous. At some point, I'll
> probably make a "gpgkeys" man page so as to not grow the main "gpg"
> page too much.

Well, at least some hints that TLS support exists at all would have been useful! ;-) (*)

> I don't know that LDAP is a good *public* keyserver as things stand.
> By its nature, even if some sort of authentication was added, the
> server would only carry keys that were explicitly submitted to it.
> Most other keyservers synchronize with their peers automatically to
> carry a global keyring.

Agreed.

> A LDAP keyserver would be useful as a company keyserver where people
> inside the company IP range or an administrator can add keys, and the
> rest of the world can just read.

That eliminates tcp-wrapping. You'd have to grant write access by using the peername statement in the access <who> field, right?

> Anyway, that is (more or less) how I was expecting LDAP to be used. I
> never added LDAP auth because I wasn't sure exactly what was needed,
> and didn't want to implement it without some clear use case.

Well, how about the following for a different usage scenario: it would be nice if all users could submit their keys, readable by all, but delete only their own submitted keys. Thus, no dedicated administrator for key management would be required, since the LDAP server itself doesn't require much administration after setup.

Walter

(*) No offense here, you've done a remarkable job so far!

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
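The two access models discussed in this message (company-range writes via peername with world-readable keys, and per-user submission where only the submitter can delete), written out as OpenLDAP slapd.conf ACLs. This is an added example, not configuration from the thread or from GnuPG; it assumes OpenLDAP 2.3-or-later ACL semantics, a hypothetical key base of ou=keys,dc=example,dc=com, a placeholder company range of 10.0.0.0/8, and a hypothetical "owner" attribute on each key entry holding the submitter's bind DN.

```conf
# Added example, not from the thread. Base DN, subnet and the "owner"
# attribute are assumptions. slapd uses the FIRST matching "access to"
# clause for a given entry, so deploy ONE of the two scenarios below.

#### Scenario 1: company IP range may write, the world may only read.
# peername is the TCP peer, formatted like "IP=10.1.2.3:54321". It is
# only meaningful if slapd sees the real client address (no reverse
# proxy in front) and it carries no proof of identity; serve the write
# path over TLS so the submitted keys cannot be altered in transit.
access to dn.subtree="ou=keys,dc=example,dc=com"
    by peername.regex="^IP=10\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+$" write
    by * read

#### Scenario 2: any authenticated user may submit a key, only the
#### submitter may change or delete it, everyone may read.
# Adding or deleting a child needs write access to the parent's
# "children" pseudo-attribute; restrict that to authenticated binds.
access to dn.base="ou=keys,dc=example,dc=com" attrs=children
    by users write
    by * none

# On the key entry itself, "dnattr=owner" matches only when the bound
# DN is listed in the entry's owner attribute. Because the check is
# evaluated against the entry being added, a submitter must set owner
# to their own bind DN or the add is refused; later modify/delete by
# anyone else falls through to read-only and is denied.
access to dn.children="ou=keys,dc=example,dc=com"
    by dnattr=owner write
    by * read
```

Both scenarios still leave the rootdn able to administer the subtree; nothing here replaces key-level verification on the client, since a readable LDAP entry says nothing about who actually holds the private key.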