Re: [openpgp] keyserver protocol

John Clizbe <JPClizbe@tx.rr.com> Wed, 08 May 2013 04:02 UTC

Message-ID: <5189CE51.3050208@tx.rr.com>
Date: Tue, 07 May 2013 23:02:25 -0500
From: John Clizbe <JPClizbe@tx.rr.com>
Organization: GingerBear Conspiracy Theories To Go
To: openpgp@ietf.org
References: <50E5E6AE.5050201@jcea.es> <3C32E4F1-6B48-4561-94FF-7489D44E36CC@jabberwocky.com> <87zjw6keoe.fsf@alice.fifthhorseman.net>
In-Reply-To: <87zjw6keoe.fsf@alice.fifthhorseman.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Daniel Kahn Gillmor wrote:
> On Thu 2013-01-03 17:53:15 -0500, David Shaw wrote:
> 
>> I actually wrote this up at one point as an informational draft, but 
>> for one reason or another didn't finish submitting it.  If there is 
>> interest, I can clean it up and submit:
>> 
>> http://tools.ietf.org/id/draft-shaw-openpgp-hkp-00.txt
> 
> David, i would like to see this picked back up if possible.  Is there a 
> way that i can help?
> 
> In particular, I would like to see the error signalling and semantics be 
> more clearly and explicitly defined, so that (for example) when a 
> keyserver has a problem the user agents (e.g. client tools like gpg 
> --refresh) have a clear way to distinguish between cases like:
> 
> 0) "I have no key material matching this name/keyid at all"
> 
> 1) "I have too many keys that match this search to bother you with an 
> insanely long list"

You /must/ mean documenting how those two are already implemented?

X-HKP-Results-Count: number of matching keys
Content-Length: number of bytes in resulting keys

- From the SKS CHANGELOG(+) and Mercurial commit log(+>):

+ 1.1.4
+   - Fix X-HKP-Results-Count so that limit=0 returns no results, but include
+     the header, to let client poll for how many results exist, without
+     retrieving any. Submitted by Phil Pennock. See:
+     http://lists.nongnu.org/archive/html/sks-devel/2010-11/msg00015.html

+> changeset:   115:47835fd59b63
+> parent:      113:73ba20267254
+> user:        Phil Pennock <codehack@spodhuis.org>;
+> date:        Sat Apr 21 18:24:46 2012 -0500
+> files:       dbserver.ml key.ml request.ml wserver.ml
+> description:
+> Limit fix for limit=0
+> Return real status text strings, rather than confusing "500 OK".
+> Handle No_results as an exception type, giving 404 instead of 500.
+> Treat limit of -1 (or <0) as "unlimited".
+> Handle limit=0 so that can ask for number of results without getting results.
+>
+> From email submission:
+> Back when X-HKP-Results-Count: was discussed, David Shaw suggested that
+> limit=0 should return no results, but include the header, to let a
+> client poll for how many results exist, without retrieving any.  See:
+>   http://lists.nongnu.org/archive/html/sks-devel/2010-11/msg00015.html
+>
+> Please find attached a patch. Plus a couple of related cleanups in HTTP error
+> response handling.

+ 1.1.2:
+  - Johan van Selst's patch implementing Phil Pennock's suggestion
+       of an X-HKP-Results-Count: header to returned web server queries
+   - Johan van Selst's patch to add Content-length header to web results

+> changeset:   49:68f88ae59b6a
+> user:        John Clizbe <John.Clizbe@gmail.com>;
+> date:        Thu Nov 04 02:37:31 2010 -0500
+> files:       dbserver.ml request.ml wserver.ml
+> description:
+> Johan van Selst's patch implementing Phil Pennock's suggestion
+> of an X-KHP-Results-Count: header to returned web server queries
+>
+> http://lists.nongnu.org/archive/html/sks-devel/2010-11/msg00016.html
+>
+> changeset:   48:e6d918ac4c66
+> user:        John Clizbe <John.Clizbe@gmail.com>;
+> date:        Wed Nov 03 21:58:51 2010 -0500
+> files:       wserver.ml
+> description:
+> Johan van Selst's patch to add Content-length header to web results
+>
+> http://lists.nongnu.org/archive/html/sks-devel/2010-11/msg00005.html

> 2) "something is broken in my database, and I'm confused"

Could you /maybe just possibly/ tie this down to something like a real error
condition instead of something so ambiguous?  Taking a look at lines 245-307
of wserver.ml may be helpful.

- -John

PS: Dan, please DO NOT CC me on replies to the list.

- -- 
John P. Clizbe                      Inet: John (a) Gingerbear DAWT net
SKS/Enigmail/PGP-EKP                  or: John ( @ ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys@gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"




- -- 
John P. Clizbe                   Inet:   JPClizbe(a)comcast DOT nyet
Golden Bear Networks             PGP/GPG KeyID: 0x608D2A10
"Be who you are and say what you feel because those who mind don't matter
and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
Comment: When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
Comment: Be part of the £33† ECHELON -- Use Strong Encryption.
Comment: It's YOUR right - for the time being.
Comment: Using GnuPG with SeaMonkey - http://www.enigmail.net/

iF4EAREIAAYFAlGJzkoACgkQ614Z89ZWmCU5YgD/ePoiYfnYBStLptdHxLnF5CUc
z/Kuq0R8pZpgNuGPVXcA+wW5gNXtO+YAJqkG2z2C9lx+nC3YWNWVCHXNeXmNMIv4
=y7Pw
-----END PGP SIGNATURE-----
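
Added example (not part of the original message and not SKS code): a client-side sketch of how the three cases from the quoted question could be told apart using only the signals named in the changelog above, that is the 404/500 status split, the X-HKP-Results-Count and Content-Length headers, and the limit=0 / limit<0 semantics. The state names, the `sample` helper, the constructed responses, and the reading "count greater than limit means the list was cut short" are assumptions made for illustration.

```python
from email.parser import Parser

def parse_response(raw):
    """Split a raw HTTP response into (status, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, _, header_block = head.partition("\r\n")
    status = int(status_line.split(" ", 2)[1])
    headers = Parser().parsestr(header_block, headersonly=True)
    return status, headers, body

def classify(raw, limit):
    """Return (state, count) for a lookup sent with the given limit value."""
    status, headers, body = parse_response(raw)
    if status == 404:                 # No_results is reported as 404
        return ("no_match", None)
    if status >= 500:                 # genuine server-side failure
        return ("server_error", None)
    if status != 200:
        return ("unexpected_status", None)
    # Content-Length lets the client notice a body cut off in transit.
    length = headers.get("Content-Length")
    if length is not None:
        if not length.strip().isdecimal() or int(length) != len(body.encode()):
            return ("length_mismatch", None)
    count = headers.get("X-HKP-Results-Count")
    if count is None:                 # server predates the header
        return ("count_unknown", None)
    if not count.strip().isdecimal():
        return ("malformed_count", None)
    count = int(count)
    if limit == 0:                    # poll: header only, no results expected
        return ("count_only", count)
    if limit > 0 and count > limit:   # assumption: more matches than we asked for
        return ("truncated", count)
    return ("complete", count)        # limit < 0 is treated as unlimited

def sample(status, reason, count=None, body=""):
    """Build a constructed response with a correct Content-Length."""
    lines = [f"HTTP/1.0 {status} {reason}",
             f"Content-Length: {len(body.encode())}"]
    if count is not None:
        lines.append(f"X-HKP-Results-Count: {count}")
    return "\r\n".join(lines) + "\r\n\r\n" + body

if __name__ == "__main__":
    print(classify(sample(404, "Not found"), 10))
    print(classify(sample(200, "OK", count=137), 0))
    print(classify(sample(200, "OK", count=137, body="constructed\n"), 2))
```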