Hi! :-)
On Sat, Jan 10, 2015 at 10:08:39AM +0100, intrigeri wrote:
> Frankly, I think I'll wait for this OPW round to be over, and then I'm
> happy to give GNOME Keysign a try and provide feedback.
cool.
>
> I've got a few initial questions, though:
>
> * is working Avahi required to use GNOME Keysign?
Currently, yes.
This is to provide an out-of-the-box experience.
You fire up the program and you can connect those without having
to know the IP address of the other party.
Technically, it's possible to do without Avahi.
But then the user interface gets more complicated.
> * what exact networking connection needs to be allowed for GNOME
> Keysign to work, especially on the LAN? any ports that need to be
> open in the firewall for incoming and/or outgoing traffic?
For now, the key is shared via HTTP on a dedicated port.
The rationale for using a fully fledged TCP connection is that
the full OpenPGP key can be quite large. Larger than a QR code can handle.
Also: current key signing schemes require you to connect to the Internet
in order to download the keys you are about to sign. So we're not worse than that.
The upshot is: Most keys are not that big. So it would certainly be possible,
and I think preferable, to not use the network if not necessary.
FWIW: I'll be at FOSDEM. I'll hang around the GNOME booth and I'll be in the
security devroom for presenting GNOME Keysign:
https://fosdem.org/2015/schedule/event/keysigning/
I'd be happy to meet any of you guys to have a beer, coffee, chat, or all of
that.
Happy Hacking,
Tobi