This repository has been archived by the owner on Apr 2, 2024. It is now read-only.

Own sks import #85

Open
ghost opened this issue Jul 19, 2013 · 4 comments

@ghost

ghost commented Jul 19, 2013

Hello, I linked this plugin with my own sks.

When I look for a key with the key manager:

If the key is not present in the sks, it shows "Please create or import a key"
If the key is present, it doesn't show anything but the key is not displayed in the key manager.

Is that an intended behavior?

Thanks.

@ghost
Author

ghost commented Jul 19, 2013

I see on my sks server that the lookup is done correctly but nothing is imported locally.

@niklasfemerstrand
Owner

Hi,

Is your SKS server publicly available so I could have a look? Perhaps there's some form of mismatch in the way that the backend is speaking to it.

@quemquis

quemquis commented Aug 4, 2013

Hi,
I also have my own private SKS server and searching and importing works fine for me. (Chrome on win7).
I changed your code to only point to my own SKS server instead of the public MIT one.
What I'd like to look into is to have generated public keys automatically uploaded to my sks server. Anyone done this yet?

@niklasfemerstrand
Owner

There will be a keyserver built into the plugin as soon as #65 is finished. Basically, the backend needs an add method and somewhere to add public keys to, and then query that local storage before querying the remote storage.

I don't like the idea of uploading to anything except the local Roundcube DB storage which the admin can control. The problem with syncing with upstream key servers is that the protocol is broken because it doesn't have a way of revoking keys. Also there is missing validation, meaning anyone can upload any public key with any identifier. I consider this harmful.

Problems like these emerge when public keys are synced with upstream key servers:

http://cryptome.org/2013/07/assange-pk-19days.htm
http://cryptome.org/2013/07/mining-pgp-keyservers.htm

The designers of key servers didn't add any key verification even though each key is bound to an e-mail address. Shame, really, and unfortunately the only fix is to not sync upstream and to be cautious with keys stored on them.
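
The lookup order and the validation gap described in the comment above, as an added example that is not part of the thread or the plugin's code: local storage is queried first, and a keyserver result is imported only when its fingerprint matches one obtained out of band. `KeyResolver`, `localStore`, `remoteLookup` and `fakeKeyserver` are hypothetical names, the keyserver is stubbed, the fingerprints are constructed, and v4 (40 hex digit) fingerprints are assumed.

```javascript
// Added example; KeyResolver, localStore and remoteLookup are hypothetical names.
// Strip "0x" and spaces so fingerprints compare reliably.
function normalizeFpr(fpr) {
  return String(fpr).replace(/^0x/i, "").replace(/\s+/g, "").toUpperCase();
}

class KeyResolver {
  // localStore: Map of email -> key records, under the admin's control.
  // remoteLookup: function(email) returning key records from a keyserver.
  constructor(localStore, remoteLookup) {
    this.localStore = localStore;
    this.remoteLookup = remoteLookup;
  }

  // The "add method": store a key locally, skipping duplicates.
  add(email, key) {
    const list = this.localStore.get(email) || [];
    const fpr = normalizeFpr(key.fingerprint);
    if (!list.some((k) => normalizeFpr(k.fingerprint) === fpr)) list.push(key);
    this.localStore.set(email, list);
  }

  // Query local storage first; accept a remote key only when its fingerprint
  // equals one the user obtained out of band (expectedFpr).
  resolve(email, expectedFpr) {
    const local = this.localStore.get(email) || [];
    if (local.length > 0) return { source: "local", keys: local, candidates: [] };
    const candidates = this.remoteLookup(email);
    const want = expectedFpr ? normalizeFpr(expectedFpr) : "";
    // Assumes v4 keys (40 hex digits); short key IDs are rejected as too weak.
    const pinned = /^[0-9A-F]{40}$/.test(want)
      ? candidates.filter((k) => normalizeFpr(k.fingerprint) === want)
      : [];
    pinned.forEach((k) => this.add(email, k));
    // Unpinned candidates are returned for manual review, never imported.
    return { source: pinned.length ? "remote-pinned" : "remote-unverified", keys: pinned, candidates };
  }
}

// Constructed sample data: two keyserver entries claiming the same address.
const GENUINE = { fingerprint: "AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555", uid: "alice@example.org" };
const LOOKALIKE = { fingerprint: "0123456789ABCDEF0123456789ABCDEF01234567", uid: "alice@example.org" };
const fakeKeyserver = (email) => [LOOKALIKE, GENUINE].filter((k) => k.uid === email);

const resolver = new KeyResolver(new Map(), fakeKeyserver);
console.log(resolver.resolve("alice@example.org").source);
console.log(resolver.resolve("alice@example.org", GENUINE.fingerprint).source);
console.log(resolver.resolve("alice@example.org").source);
```

The address match alone never causes an import: both constructed entries carry the same UID, and only the pinned fingerprint decides which one reaches local storage.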
