
Re: [openpgp] The combinatorial complexity of OpenPGPv4

2015-03-17 06:41:38
On Tue, 17 Mar 2015 02:50, pgut001(_at_)cs(_dot_)auckland(_dot_)ac(_dot_)nz 

> The killer with PGP is keyrings, which are impossible to process in any kind
> of nontrivial API (in other words a library) because there's no concept of
> "single blob containing a key + name" as there is for X.509 certs.  Instead,

Better not compare it to X.509.  Think only of stripped down root
certificates and the attribute certificates.  How to decide which
attribute to prioritize over another is also often not easy.  But I
don't have to tell you what's wrong with X.509.

> found some X here, what shall I do now?".  Similarly, storing these things in
> something like a key/value store for fast lookup is nearly impossible because
> you end up having a more or less open-ended number of index fields and cross-
> references that need to be maintained.

There are just N user ids and M fingerprints for each keyblock and one
of these fingerprints identifies the entire keyblock.  Why do you want
any more indices (unless you keep on supporting v3 keys)?



Thoughts are free.  Exceptions are regulated by a federal law.

openpgp mailing list