[imp] IMP, PGP, and keyservers

[Michael M Slusarz]

Quoting Chuck Hagenbuch <chuck@horde.org>:

| Quoting Jeff Tucker <jefft@wciatl.com>:
| 
| > Does the current CVS of IMP-HEAD work with PGP keyservers?
| 
| Sometimes; I have had some problems with it timing out.

This is a known problem - however, as of PHP 4.2.x, there is no way to 
timeout execution calls so this really can't be avoided.  At least I can't 
figure out a way to handle this way.

It MAY be possible, instead of using the gpg binary to access the 
keyserver, to directly access the keyserver using sockets.  However 1) I 
don't have the time write now to research the keyserver protocol and 
program the socket stuff, 2) you would have to build the optional socket 
stuff into PHP, and 3) the timeout stuff in PHP sockets may not be portable.

| > I emailed myself a signed message from another application. IMP says
| that
| > the signature is BAD. Using tcpdump, I can see that it is connecting to
| > the keyserver and appears to be requesting the correct key as the Keyid
| in
| > the URL is correct. IMP does not say that the key wasn't found. It says
| > that the signature is bad. I've tried using www.keyserver.net as well
| as
| > wwwkeys.pgp.net.
| 
| The PGP code is relatively new; I don't have time to poke at it myself
| right
| now, and the original author has been pretty busy the last few weeks, but
| if you do have time to look into it, I'll gladly look at patches.

As chuck mentioned, my time is extremely thin right now.  It would be great 
if others could help with improving the code (we are looking at at *least* 
a few months before I probably would have time to probe in-depth).

michael

______________________________________________
Michael Slusarz [slusarz@bigworm.colorado.edu]
The University of Colorado at Boulder