
Re: Rarity: Crypto question enclosed



-----BEGIN PGP SIGNED MESSAGE-----

Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

To: [email protected], [email protected]
Date: Mon Nov 11 12:31:25 1996
> > My simple question is regarding key/certificate distribution:
> >
> >         Is there any particular reason that such can't be accomplished via
> > on-line lists, and made available via a service on a port, using standard
> > (textual) commands, like mail and such are now?
>
> It's possible to have a key-server listen on a port and accept
> requests, then it would fork a process, process the result, and
> return an answer set.
>
> But how many CPU cycles would it take for a machine to process a
> request, i.e. going through 1000 of keys?  I am not exactly sure, it
> took a long while on my Pentium.
>
> In my opinion, if I were to run a key server as a service, with
> clients connecting and requesting a key, it shouldn't take more than
> a minute to get a response.
> 

Agreed - a proper search algorithm should yield an answer in a few seconds, 
at most.

> >         The things that come to mind are a 'client' request for a key, a
> > 'client' submission of a key, an external host requesting a key exchange,
> > and the host itself requesting a key exchange with another system (only
> > new/changed keys being swapped).
> 
> Had the exact same idea, but came up with an interesting concept. When
> a person submits a key, a PGP process is spawned yielding the
> following information 1.) The name ([email protected]) 2.) The real
> name (Michael Peponis) 3.) The key size 4.) Creation date of the key
> 5.) Key fingerprint
>
> This information, along with the actual key, would be inserted into a
> SQL Database table
>
> With a structure similar to this

... <deletia> ...

The reason I brought the idea up here was in the hope that others on the CP 
list could help work out the fussy details of the protocol: what info would 
need to be included for what types of exchanges, what port(s) would be good 
to work with, etc. Platform/implementation would be subject to considerable 
variation - but the idea would survive (hopefully :-)

> 
> It's not that hard, it's performance that's more of an issue.  The
> beauty of my approach would be that initially, there would be a lot of
> "Add" requests, resulting in many PGP processes running on the box,
> but eventually, they would taper off.

Again, implementation on any particular platform using any particular OS 
would be up to the aficionados of said platforms/OS's. I'm more interested 
in the CP list coming up with the protocol/standards.

Dave


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMoasIsVrTvyYOzAZAQEkTAP+JQtMdr5x+Wz4s6SXchgA4ow3+P9WLpzs
JpjXRbNeHspJ2btlAe4pSgRqSp9oygqJ6Nxpa6DFOC4uB6sl3NaOw8tzcVVJm8GN
+QsGP3KBoeTtRh1xE5yUsFoWmGWSqtDLLhu7bU34TaryLBU/Hvj2mOQXqwXhQlvE
FhE5VETJJ2o=
=LG7t
-----END PGP SIGNATURE-----
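
The key store discussed in this thread, sketched as an added example that is not part of the original message or of any poster's code. The table layout in the quoted post was elided, so the schema, column names and function names below are assumptions built from the five listed fields; the fields are taken as inputs rather than extracted by a spawned PGP process, and SQLite stands in for the SQL database.

```python
import sqlite3

# Hypothetical schema: the table layout in the original post was elided,
# so these column names are assumptions based on the five listed fields.
SCHEMA = """
CREATE TABLE keys (
    fingerprint TEXT PRIMARY KEY,  -- one row per key; resubmissions update it
    user_id     TEXT NOT NULL,     -- e-mail style name on the key
    real_name   TEXT NOT NULL,
    key_bits    INTEGER NOT NULL,
    created     TEXT NOT NULL,     -- key creation date
    key_block   TEXT NOT NULL,     -- the ASCII-armoured key itself
    serial      INTEGER NOT NULL   -- bumped on every add or change
);
CREATE INDEX keys_by_user ON keys(user_id);
CREATE INDEX keys_by_serial ON keys(serial);
"""

def open_store():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def add_key(db, fingerprint, user_id, real_name, key_bits, created, key_block):
    """Insert or update a key; return its new serial, or None if unchanged."""
    row = db.execute("SELECT key_block FROM keys WHERE fingerprint = ?",
                     (fingerprint,)).fetchone()
    if row and row[0] == key_block:
        return None                # duplicate submission, nothing to sync
    serial = db.execute(
        "SELECT COALESCE(MAX(serial), 0) + 1 FROM keys").fetchone()[0]
    # Values are bound as parameters, never formatted into the SQL text:
    # every field arrives from an untrusted client.
    db.execute("INSERT OR REPLACE INTO keys VALUES (?,?,?,?,?,?,?)",
               (fingerprint, user_id, real_name, key_bits, created,
                key_block, serial))
    return serial

def find_keys(db, user_id):
    """Client request for a key: indexed lookup, not a scan of the key ring."""
    return db.execute(
        "SELECT fingerprint, real_name, key_bits, created, key_block "
        "FROM keys WHERE user_id = ? ORDER BY fingerprint",
        (user_id,)).fetchall()

def changed_since(db, serial):
    """Host-to-host exchange: only keys added or changed after `serial`."""
    return db.execute("SELECT fingerprint, serial FROM keys WHERE serial > ? "
                      "ORDER BY serial", (serial,)).fetchall()
```

A peer that remembers the highest serial it has seen can call `changed_since` with that value to receive only new or changed keys. A key returned by such a store is only as trustworthy as its signatures and fingerprint check, since the store itself authenticates nothing.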