Questions on gpg-wks-server
Hi there,

I'm currently in the process of setting up a Web Key Service and have
some questions on the behaviour of gpg-wks-server:

How does gpg-wks-server determine which domains should be processed?
My best guess would be it uses the top level directories for domains
(e.g. at the default /var/lib/gnupg/wks or at the path specified with -C).

Does gpg-wks-server strip UIDs from the submitted keys from domains that
are not configured?

How does gpg-wks-server deal with multiple user IDs in general? Will it
send out multiple confirmation requests provided the domains are configured?

Does gpg-wks-server drop a publication request if a key has no UIDs with
any of the configured domains?


Kind regards

--
Gregor Düster

Arbeitsgemeinschaft Dresdner Studentennetz (AG DSN)

https://agdsn.de

StuRa der TU Dresden
AG DSN
Helmholtzstraße 10
01069 Dresden
Re: Questions on gpg-wks-server
Hi Gregor,

On Tuesday 25 April 2023 08:48:35 Gregor Düster via Gnupg-devel wrote:
> I'm currently in the process of setting up a Web Key Service

very cool.

> and have some questions on the behaviour of gpg-wks-server:

It may be that you need to consult the source code for some of the details
and do your own tests.

The service to let email clients set their public keys
that are distributed via the web key directory is the more difficult part.

So you are doing both together, I guess as
gpg-wks-client --verbose --supported agdsn.de
gpg-wks-client: provider for 'foo@agdsn.de' does NOT support the Web Key Directory


Regards
Bernhard

--
https://intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Managing directors: Frank Koormann, Bernhard Reiter
Re: Questions on gpg-wks-server
Hi!

On Tue, 25 Apr 2023 08:48, Gregor Düster said:

> How does gpg-wks-server determine which domains should be processed?
> My best guess would be it uses the top level directories for domains
> (e.g. at the default /var/lib/gnupg/wks or at the path specified with
> -C).

That is correct. Requests with no domain configured below that
directory are ignored. For example for gnupg.org we have

$ ls -l /var/lib/gnupg/wks/gnupg.org/
drwxr-sr-x 3 webkey webkey 4096 Mar 11 2019 hu
drwx--S--- 2 webkey webkey 4096 Jul 5 2021 pending
-rw-r--r-- 1 webkey webkey 0 Nov 14 2017 policy
-rw-r--r-- 1 webkey webkey 21 Aug 31 2016 submission-address

and we have a daily cronjob running "gpg-wks-server -v --cron" to clean
up pending requests after 3 days.

> Does gpg-wks-server strip UIDs from the submitted keys from domains
> that are not configured?

Confirmation requests are sent for all addresses found in the submitted
key as long as the domain is configured. However, gpg-wks-client sends
the keys only with one user id.

> How does gpg-wks-server deal with multiple user IDs in general? Will
> it send out multiple confirmation requests provided the domains are
> configured?

Exactly.

> Does gpg-wks-server drop a publication request if a key has no UIDs
> with any of the configured domains?

Yes.


Salam-Shalom,

Werner

--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
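
The domain selection described in the reply above, as an added example that is not part of the thread or of GnuPG's own code: a pre-flight check an operator could run to see which addresses of a key fall under a configured domain and whether a domain directory matches the gnupg.org listing. The function names are hypothetical; comparing the domain in lower case and treating all four listed entries as expected are assumptions.

```shell
#!/bin/sh
# Added example: models the behaviour described in the thread, it does not
# call gpg-wks-server. $1 is the WKS base directory (the -C path).

# Print each address whose domain has a directory below the base directory.
wks_served_addresses() {
    base=$1; shift
    for addr in "$@"; do
        case $addr in *@*) ;; *) continue ;; esac
        # Assumption: the domain part is compared in lower case.
        domain=$(printf '%s' "${addr##*@}" | tr '[:upper:]' '[:lower:]')
        # Never let an address select a path outside the base directory.
        case $domain in ''|*/*|.|..) continue ;; esac
        [ -d "$base/$domain" ] && printf '%s\n' "$addr"
    done
    return 0
}

# Print one line per deviation from the layout shown for gnupg.org;
# return 0 only when nothing was reported.
wks_check_domain() {
    d=$1/$2
    problems=0
    for sub in hu pending; do
        [ -d "$d/$sub" ] || { echo "$2: missing directory $sub"; problems=1; }
    done
    for f in policy submission-address; do
        [ -f "$d/$f" ] || { echo "$2: missing file $f"; problems=1; }
    done
    # pending holds unconfirmed submissions; the listing grants others no access.
    if [ -d "$d/pending" ]; then
        other=$(ls -ld "$d/pending" | cut -c8-10)
        [ "$other" = "---" ] || { echo "$2: pending open to others ($other)"; problems=1; }
    fi
    return $problems
}

# Constructed demo layout (not a real server).
demo=$(mktemp -d)
mkdir -p "$demo/example.org/hu" "$demo/example.org/pending"
chmod 700 "$demo/example.org/pending"
: > "$demo/example.org/policy"
echo "key-submission@example.org" > "$demo/example.org/submission-address"
wks_served_addresses "$demo" alice@example.org alice@unconfigured.example
wks_check_domain "$demo" example.org && echo "example.org: layout ok"
rm -rf "$demo"
```
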