
Show HN: Dat-keyserver: a distributed PGP keyserver based on the Dat protocol - tdjsnelling
https://github.com/tdjsnelling/dat-keyserver
======
jnbiche
I like the ability to remove keys. I understand the theoretical reason for
append-only keyservers, but in practice it just turns people off from using
them. No one wants to look at their entries from 2005 from when they screwed
up while learning about subkeys, or their defunct 2008 entry which they never
could revoke because they lost the revocation certificate (all examples purely
fictional).

In any case, a keyservers job is not even to be some kind of source of trust,
so all that really should matter is that it has a user's most up-to-date keys
on it. Validating a key should come from web-of-trust or some secure second
channel verification method (like listing your key ID on a TLS-enabled
website).

~~~
Leace
> No one wants to look at their entries from 2005 from when they screwed up
> while learning about subkeys

Yeah, it's interesting that even platforms such as Keybase that allow changing
or removing data timestamp them in irremovable ways sometimes (e.g. following
someone snapshots their profile in the follower's sigchain).

> In any case, a keyservers job is not even to be some kind of source of
> trust, so all that really should matter is that it has a user's most up-to-
> date keys on it. Validating a key should come from web-of-trust or some
> secure second channel verification method.

Actually having a key on a keyserver was never relevant as web-of-trust runs
parallel to the key origin (that is if you're connected to WoT you'd know
which key is the real one). But it's not practical in general.

> like listing your key ID on a TLS-enabled website

Web Key Directory is something like that and it's trivial to set up:
[https://spacekookie.de/blog/usable-gpg-with-
wkd/](https://spacekookie.de/blog/usable-gpg-with-wkd/)

------
progval
I'm not fluent in modern JS, but I think the level of callbacks nesting makes
it hard to see what else/catch belong to what if/then, especially:
[https://github.com/tdjsnelling/dat-
keyserver/blob/12fa3e8389...](https://github.com/tdjsnelling/dat-
keyserver/blob/12fa3e8389a6f90d312e1e664006df4d8391ecd5/index.js#L288-L369)

You could try splitting this big function into smaller functions to reduce the
length of the code largest callbacks.

It also makes commits harder to read. eg. for
[https://github.com/tdjsnelling/dat-
keyserver/commit/12fa3e83...](https://github.com/tdjsnelling/dat-
keyserver/commit/12fa3e8389a6f90d312e1e664006df4d8391ecd5) a reader can't see
easily what changed in the function, as every line's indentation was changed.
(And the commit message does not explain what the bug was)

~~~
wesleytodd
Ha, omg this is impossible to read. Using async/await here would go a long way
to helping. But honestly this just seems like a work in progress, so code
cleanliness and ability for others to read and contribute might not be the
focus.

Also, generally people do not put all their logic in the same file , in
express apps. Just breaking out the business logic from the express app setup
would also help to make it more readable/understandable.

~~~
buu700
It's also incorrect usage of promises; idiomatically no part of that code
should be nested more than two levels deep. But yeah, async/await would be
both cleaner to read and easier to write correctly.

(Ultimately a minor issue at this stage of what's otherwise a really neat
project!)

~~~
tdjsnelling
Appreciate all the feedback, the code is certainly pretty hacky right now and
I intend to clean it up in future. Glad you like the project!

------
fwip
I'm concerned about the key-removal functionality. The website
([https://keys.tdjs.tech](https://keys.tdjs.tech)) reads: "Enter a message
clearsigned with the key you wish to remove (message content is not
important)"

My understanding of this is that anyone with a copy of anything you've ever
signed can revoke your key. I hope I'm misunderstanding.

~~~
Deadsunrise
The message has to be signed with the private key of the key so no one but the
real owner can delete it. In fact, in the readme:

> If a user can prove that a key belongs to them (by signing a message with
> their private key) then they are able to remove their public key with no
> interaction needed from the server operator. Once a key is removed, it is
> removed from all servers in the pool.

This is a pretty fucking awesome idea.

~~~
sp332
To prove that you have the private key, they should send you a challenge
message and make you send back that message with a signature. If you can send
_any_ signed message, anyone who has ever received a signed message from a
person can upload it and revoke that person's key.

~~~
progval
> If you can send _any_ signed message

Reading the code, it does indeed allow _any_ signed message:
[https://github.com/tdjsnelling/dat-
keyserver/blob/12fa3e8389...](https://github.com/tdjsnelling/dat-
keyserver/blob/12fa3e8389a6f90d312e1e664006df4d8391ecd5/index.js#L288-L369)

------
Leace
Project looks definitely interesting. Too bad the code looks like callback-
hell from 10 years ago: [https://github.com/tdjsnelling/dat-
keyserver/commit/12fa3e83...](https://github.com/tdjsnelling/dat-
keyserver/commit/12fa3e8389a6f90d312e1e664006df4d8391ecd5)

Still, an interesting alternative for people who consider
[https://keys.openpgp.org](https://keys.openpgp.org) too radical.

~~~
snek
OP, please Google "promise chaining", it will make your life so much better.

~~~
sltkr
At that point, why not go straight to async functions?

[https://developer.mozilla.org/en-
US/docs/Web/JavaScript/Refe...](https://developer.mozilla.org/en-
US/docs/Web/JavaScript/Reference/Statements/async_function)

~~~
agentultra
At that point, why not go straight to monads?

[https://github.com/fluture-js/Fluture/tree/11.x](https://github.com/fluture-
js/Fluture/tree/11.x)

~~~
vimslayer
Because one is a language feature and the other is yet another JS library made
by some person.

