[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] APG
|
From: |
Jeff Johnson |
|
Subject: |
Re: [Sks-devel] APG |
|
Date: |
Fri, 02 Jul 2010 00:53:00 -0400 |
On Jul 2, 2010, at 12:43 AM, C.J. Adams-Collier wrote:
> For the time being, I think it would be wisest to stick with an hkp://
> capable client library in C. This may mean libwww and http 1.0. I
> don't want to get into an overhaul of sks just to make an android app
> function correctly ;)
>
Well the issue is that hkp:// is largely just store-and-forward transport.
Once the key materiel is transported, one still has to searching for
revocations and expiries and validate the certificate all quite annoyingly
complex.
There's aso the issue of persistent keyring store on mobile device that
would be simplified by reduced packet size and retrieval of just
what was needed (self-signatures and revocations) in one transaction,
relying on the low distribution of SKS to avoid a local keyring store,
and CRL's and OCSP and all the other baggage in cert mgmt.
> As the app matures, it may make sense to extend sks to meet the demands
> of the client. But we don't have any demands yet.
>
Yep. hkp:// is working fine on my wee widdle jail bait iPhone here. I'f
hate to have to re-hack anything ;-)
73 de Jeff
Re: [Sks-devel] APG, C.J. Adams-Collier, 2010/07/01