
Re: PGP Keyserver Synchronization Protocol



On Wed, Jun 23, 1999 at 05:41:51PM +0100, "teun, Tilburg University" <Teun.Nijssen@kub.nl> wrote:
> /Does it really matter if you do not know the internal packet format as long
> /as you know where the packet ends? Hashing is simply mixing together a
> /stream of octets and so I do not believe the 'format' makes much of a difference.
> 
> depending on the order in which a server received signatures in the past, a 
> key may look quite different on different servers, although with sorted
> sigs it is the same.

The bad thing is that merging the keys may not produce the same result,
so that each time the key would be re-requested. E.g., there are many
keys floating around that have been revoked on multiple occasions, i.e.
the merged key would need to contain multiple revocation certificates,
to provide the same checksum, which does not conform to RFC 2440.

Also, I am not thrilled by the idea of exchanging 28*600,000 bytes
(8 bytes keyID+16..20 bytes of hash times the number of keys currently
on my server) with a dozen or so sites (>200MB) every day or so just to
find out whether I'm still in sync. This is not too far from just grabbing
the entire keyring (some 650MB) from some other site.

-Marcel
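
The following is an added example, not part of the original message or of any keyserver's code. It shows the three points raised in this exchange: hashing a key's octets in arrival order, hashing with sorted signatures, and the mismatch that remains when one side keeps fewer revocation certificates. The packet bytes, the helper names, the use of SHA-1 (a 20-byte hash) and the keep-one-revocation merge policy are all assumptions.

```python
import hashlib

# Constructed stand-ins for OpenPGP packets as (kind, raw octets); not real key data.
PUBKEY = ("pubkey", b"\x99constructed-public-key")
UID = ("uid", b"\xb4constructed-user-id")
SIG_A = ("sig", b"\x89constructed-sig-from-A")
SIG_B = ("sig", b"\x89constructed-sig-from-B")
REV_1 = ("rev", b"\x89constructed-revocation-1")
REV_2 = ("rev", b"\x89constructed-revocation-2")

def digest_as_stored(packets):
    """Hash the octet stream in whatever order this server holds the packets."""
    h = hashlib.sha1()  # assumption: 20-byte hash, the upper end of "16..20 bytes"
    for _, raw in packets:
        h.update(raw)
    return h.hexdigest()

def digest_canonical(packets):
    """Hash with key and user ID first, then signatures/revocations sorted by octets."""
    head = [p for p in packets if p[0] in ("pubkey", "uid")]
    tail = sorted((p for p in packets if p[0] not in ("pubkey", "uid")), key=lambda p: p[1])
    return digest_as_stored(head + tail)

def merge_keep_one_revocation(packets):
    """Hypothetical merge policy: drop every revocation certificate after the first."""
    out, seen = [], False
    for p in packets:
        if p[0] == "rev":
            if seen:
                continue
            seen = True
        out.append(p)
    return out

def sync_bytes(num_keys, keyid_len=8, hash_len=20, peers=12):
    """Bytes exchanged per sync round: one (keyID, hash) pair per key, per peer."""
    return num_keys * (keyid_len + hash_len) * peers

if __name__ == "__main__":
    server_1 = [PUBKEY, UID, SIG_A, SIG_B]   # signatures arrived A then B
    server_2 = [PUBKEY, UID, SIG_B, SIG_A]   # same key, signatures arrived B then A
    print("as stored equal:", digest_as_stored(server_1) == digest_as_stored(server_2))
    print("canonical equal:", digest_canonical(server_1) == digest_canonical(server_2))
    revoked = server_1 + [REV_1, REV_2]      # key revoked on two occasions
    merged = merge_keep_one_revocation(revoked)
    print("after merge equal:", digest_canonical(revoked) == digest_canonical(merged))
    print("bytes per round:", sync_bytes(600_000))
```

Sorting makes the two signature orders agree, but the digest still differs once one server has dropped a revocation certificate, so that key would be flagged as out of sync on every comparison.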