Presenting Peaks

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Presenting Peaks

Andrea Grazioso
Hello everyone,

as the "SKS is effectively running as end-of-life software
at this point", thread pointed out, a new implementation of a
keyserver would need to:

- be totally backward compatible, both with the current keyserver
infrastructure, and client (i.e GnuPG)
- be robust to "silly" attacks, like limiting UID size, UIDs per key,
certificate size, all to a reasonable size (as in "normal usage", having
more than 100 UID per single certificate IMHO is not quite normal)
- be robust to data corruption
- have a modular source, understandable, upgradeable, customizable as needed

The one of the main problems of SKS itself, was the lack of proper
documentation, which does not encourage developers to dive in the
internal of the OCaml code to understand how the current keyserver works

Now we want to present our keyserver, Peaks, which we like to describe
as a modern and modular keyserver (is more like an OpenPGP framework
with a built in keyserver, but the definition holds).

Peaks is by design:

- modular: the keyserver itself is split in several modules, all data
is stored in a RDBMS (we picked MySQL)
- extensible: is possible to support several databases, add modules for
the keyserver, change the internal parameters, etc.
- documented: the code is documented via Doxygen, and the actual
keyserver interal mechanism is explained in several documents [0]
- natively multithreaded: no need to cluster 2+ instances to search keys
while the database is working
- modern: written totally in C++, based on modern libraries [2]
- fully compatible with the current SKS synchronization protocol, to
ease gradual deployment


Regarding problematic keys, especially vulnerable keys our proposal is
to stop synchronizing old key material, keeping just up-to-date
certificates regarding standard security practises, and leaving the
certificates which do not meet the standard in a read-only storage, not
to be synchronized again

Developing from scratch Peaks took a significant effort, which we are
happy to freely provide to the OpenPGP community.
Currently an instance of Peaks is running at peaks.deib.polimi.it [3], and
is synchronized (acting as a client only) with the sks network.

Lastly, we believe in the OpenPGP community, hopefully the source code
and the documentation will attract developers which would be able to
further contribute to the project, and we welcome any feedback.

[0] https://github.com/r4yan2/peaks/tree/master/doc
[2] https://github.com/r4yan2/peaks
[3] http://peaks.deib.polimi.it


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel

0x91FFB243503240F0.asc (7K) Download Attachment
signature.asc (849 bytes) Download Attachment