[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Sks-devel] javascript web of trust visualization: CORS and keyserver sp
|
From: |
Geoffrey Irving |
|
Subject: |
[Sks-devel] javascript web of trust visualization: CORS and keyserver spam |
|
Date: |
Sun, 8 Sep 2013 12:14:10 -0700 |
I am writing a little web-of-trust visualizer in javascript:
https://github.com/girving/trust
http://naml.us/trust
The goal is to make it easy for people to both visualize their own webs of
trust and the webs of trusts of others, without having to install various
scripts and gpg. Hopefully easier pretty pictures will motivate a few more
people to learn about this stuff. This is a first prototype, so apologies for
the lack of explanation on the page and all the bugs (the links are red because
all signature verification fails). Also my web of trust is rather tiny,
currently.
Caveats aside, I have one issue and one request:
The issue: existing keyservers don't implement the CORS protocol
(https://en.wikipedia.org/wiki/Cross-origin_resource_sharing), so javascript
code is disallowed from accessing them directly. Fixing this is a matter of
adding the header "access-control-allow-origin *" to hkp responses.
The request: are there any volunteers happy with me pointing the code at their
keyserver by default? If yes, would you be okay adding the CORS headers? I am
happy to write the patch if someone doesn't beat me to it.
Ideally I would like to eliminate the proxy server and move to pure javascript
once CORS is in place, but if others feel this would cause too much keyserver
spam I can also expand my proxy server to do more caching (which unfortunately
complicates deployment for others wishing to experiment).
Thanks,
Geoffrey
signature.asc
Description: Message signed with OpenPGP using GPGMail
- [Sks-devel] javascript web of trust visualization: CORS and keyserver spam,
Geoffrey Irving <=