
Re: Namecoin Local PGP Keyserver Plugin

Posted: Sat Sep 16, 2017 5:32 am
by biolizard89
Some preliminary review:

https://github.com/phelix/npkh/blob/8c8 ... er.py#L208

It's not immediately obvious to me what the purpose of idFprs is. Is this a cache of some kind? Maybe add some comments explaining this.

https://github.com/phelix/npkh/blob/8c8 ... er.py#L212

It's not immediately obvious what the threat model of proxy_to_standard_pks is. It looks to me like this function assumes that the caller is responsible for verifying the authenticity of the data returned by the remote keyserver. Is that correct? Maybe add some comments about this.

https://github.com/phelix/npkh/blob/8c8 ... er.py#L231

It's not immediately obvious to me what searchFpr will contain. It looks like this might be a caching mechanism but I'm not certain. Adding some comments about this would be helpful.

https://github.com/phelix/npkh/blob/8c8 ... thproxy.py

It looks like you're distributing a copy of https://github.com/jgarzik/python-bitcoinrpc . Is that correct? I'd be more comfortable if there were instead a dependency on the original version, so that users don't have to audit whether your version is identical to Jeff Garzik's version.

I'll post some additional review later.

Cheers!

Re: Namecoin Local PGP Keyserver Plugin

Posted: Thu Oct 19, 2017 5:16 am
by biolizard89
More review (based on what GitHub says is Git commit 8c86d534ec0c40403ceb6bef66990f43e957d5c6)

https://github.com/phelix/npkh/blob/mas ... dler.py#L7

I'm fine with this legacy workaround, since Bottle 0.13 isn't in Debian Stretch right now.

Generally speaking, it is difficult to follow the intended flow of the code for common use cases (e.g. looking up an id/identity). It would probably be helpful to add a comment block at the top of the file that summarizes the intended flow.

The feedback I've given so far is mostly related to auditability. I'm probably not going to try to audit the code further until the requested auditability requests are addressed. Once they are addressed, I will continue reviewing.

Cheers!

Re: Namecoin Local PGP Keyserver Plugin

Posted: Fri Dec 15, 2017 2:31 pm
by phelix
Updated!

Re: Namecoin Local PGP Keyserver Plugin

Posted: Sun Mar 04, 2018 11:07 am
by biolizard89
According to https://github.com/phelix/npkh/blob/a3e ... dler.py#L9 , keys are usually requested in 2 steps: an "index" operation (which converts text to a fingerprint) and a "get" operation (which retrieves a key for a given fingerprint).

However, at https://github.com/phelix/npkh/blob/a3e ... er.py#L335 the tests for the "get" operation are looking up by text rather than by fingerprint. It's not clear to me why this is the case. Furthermore, it seems to me that this usage will violate the security assumption "The integrity of the returned data will be validated externally in GPG (e.g. verifying that a key matches a long fingerprint).". Can this apparent discrepancy be clarified?

Re: Namecoin Local PGP Keyserver Plugin

Posted: Tue Mar 20, 2018 3:00 pm
by phelix
Yes, a "get" operation with a Namecoin ID would only work with a client aware of the local server and Namecoin IDs.

The note at the top just means that the script itself will not check that returned keys match the fingerprint in the request, in favor of one less dependency. It would be quite easy to do it though, see the comment and commented-out implementation code following line 93. Every sane handling of requesting a key would check this, I guess, but I wanted to be clear about it.
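
The check discussed in the last two posts (does the key returned for a "get" actually have the fingerprint that was requested?), sketched with only the Python standard library. This is an added example, not npkh code and not the commented-out implementation mentioned above; the function names and the sample key block are constructed for illustration, and it assumes a version 4 primary key as the first packet.

```python
import base64
import hashlib

# Constructed sample (not a real key): one old-format v4 packet with dummy MPIs.
SAMPLE_ARMORED = ("-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQAMBAAAAAABAAjBAAID\n"
                  "-----END PGP PUBLIC KEY BLOCK-----")


def dearmor(text):
    """Decode an ASCII-armored block into raw OpenPGP packets."""
    lines = [line.strip() for line in text.strip().splitlines()]
    body = lines[lines.index("") + 1:]  # a blank line ends the armor headers
    data = [l for l in body if not l.startswith(("=", "-----"))]  # drop CRC, footer
    return base64.b64decode("".join(data))


def first_packet(data):
    """Return (tag, body) of the first packet (RFC 4880, section 4.2)."""
    hdr = data[0]
    if not hdr & 0x80:
        raise ValueError("not an OpenPGP packet")
    if hdr & 0x40:  # new-format header
        tag, first = hdr & 0x3F, data[1]
        if first < 192:
            size, off = first, 2
        elif first < 224:
            size, off = ((first - 192) << 8) + data[2] + 192, 3
        elif first == 255:
            size, off = int.from_bytes(data[2:6], "big"), 6
        else:
            raise ValueError("partial body lengths are not used for keys")
    else:  # old-format header
        tag, width = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
        if width == 8:
            raise ValueError("indeterminate length is not supported")
        size, off = int.from_bytes(data[1:1 + width], "big"), 1 + width
    return tag, data[off:off + size]


def key_matches_request(armored, requested):
    """True only if the first key in `armored` has the requested v4 fingerprint."""
    wanted = requested.replace(" ", "").upper()
    wanted = wanted[2:] if wanted.startswith("0X") else wanted
    if len(wanted) != 40:
        raise ValueError("need a full 40-hex-digit fingerprint, not a key ID")
    tag, body = first_packet(dearmor(armored))
    if tag != 6 or body[:1] != b"\x04":
        raise ValueError("expected a version 4 public-key packet first")
    # RFC 4880 section 12.2: SHA-1 over 0x99, two-byte body length, then the body.
    digest = hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body)
    return digest.hexdigest().upper() == wanted
```

A request made by text (such as a Namecoin ID) carries no fingerprint to compare against, so this check only applies to the by-fingerprint "get" path.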