add about page

This commit is contained in:
Vincent Breitmoser 2019-04-25 17:44:46 +02:00
parent e68cf3cdf2
commit a1c5b9dc5d
No known key found for this signature in database
GPG Key ID: 7BD18320DEADFA11
6 changed files with 193 additions and 50 deletions

View File

@ -72,6 +72,10 @@ abbr {
color: #444;
}
a {
text-decoration: none;
}
a.brand {
text-decoration: none;
color: #050505;

View File

@ -1,54 +1,119 @@
{{#> layout }}
<div class="spacer">
<h2>Privacy Policy</h2>
<p style="text-align: left;">
The public keyserver running on keys.openpgp.org processes, stores and
distributes OpenPGP key data. The specific way in which data is processed
differs by type as follows:
<ul>
<li><i class="fa fa-key"></i> <b>Public Key Data</b>
<p>The cryptographic content of OpenPGP keys is not considered personally
identifiable information. This includes specifically <abbr
title="Packet Tags 6 and 14">public key material</abbr>,
<abbr title="Packet Tag 2">self-signatures</abbr>, and <abbr
title="Packet Tag 2">revocation signatures</abbr>.
<p>This OpenPGP keys
<p>This data is not usually collectively available, but may be handed
upon request to third parties for purposes of development or research.
<li><i class="fa fa-envelope"></i> <b>E-Mail Addresses</b>
<p>E-Mail addresses contained in <abbr title="Packet Tag 13">User
IDs</abbr> are personally identifiable information. Special care is
taken to make sure they are used only with consent:
<ul>
<li>Publishing requires <a target="_blank"
href="https://en.wikipedia.org/wiki/Opt-in_email#Confirmed_opt-in_(COI)_/_Double_opt-in_(DOI)">double
opt-in</a> validation, to prove ownership of the address.
<li>Addresses are searchable by exact E-Mail address, but not by
associated name.
<li>Enumeration of addresses is not possible.
<li>Deletion of addresses is possible via simple proof of ownership in
an automated fashion, similar to publication. To unlist an address
where this isn't possible, write to support at keys dot openpgp dot
org.
</ul>
<center><h2>About | <a href="/privacy">Privacy Policy</a> | <a href="/apidoc">API Docs</a></h2></center>
<p>This data is never handed to third parties.
<li><i class="fa fa-user"></i> <b>Other User ID data</b>
<p>Personal data types other than E-Mail addresses, such as <abbr
title="Packet Tag 2">User IDs</abbr> that do not contain E-Mail
addresses, or <abbr title="Packet Tag 17">image attributes</abbr>, are
stripped during upload, and never stored or further processed in any
way.
<p>OpenPGP packet types that were not specifically mentioned above are
stripped during upload, and never stored or further processed in any
way.
</ul>
<p style="text-align: left">Data is never relayed to third parties outside of
what is available from the <a href="/apidoc">public API interfaces</a>, and what is described in
this policy.
<p>
The <tt>keys.openpgp.org</tt> website is a public service for the
distribution and discovery of OpenPGP-compatible keys, commonly
referred to as a "keyserver".
</p>
<p>
<strong><a href="/">&laquo; Back</a></strong>
</p>
<p>
As a user, this means <tt>hkps://keys.openpgp.org</tt> can be used as
a drop-in replacement for other keyservers, where it should offer better
response times.
</p>
<p>
This service is run as a community effort. You can talk to us in #hagrid
on Freenode IRC, also reachable as #hagrid:stratum0.org on Matrix. The
folks who made this come from various projects in the OpenPGP ecosystem
including Sequoia-PGP, OpenKeychain, and Enigmail.
</p>
<p>
Technically, <tt>keys.openpgp.org</tt> runs on the
<a href="https://gitlab.com/sequoia-pgp/hagrid" target="_blank">Hagrid</a>
keyserver software, which is based on
<a href="https://sequoia-pgp.org">Sequoia-PGP</a>. We are hosted on the
<a href="https://eclips.is" target="_blank">eclips.is</a> platform,
a hosting provider focused on Internet Freedom projects, run by
<a href="https://greenhost.net/" target="_blank">Greenhost</a>.
</p>
<center><h3>Goals</h3></center>
<ul>
<li><b>Fast and reliable key distribution</b>
<p>The primary function of <tt>keys.openpgp.org</tt> is the
distribution of updates for OpenPGP public keys. Keys can be
uploaded by anyone, and can then be retrieved by fingerprint.
This allows OpenPGP clients to update keys they already know, in
particular revocations and new subkeys.
</p>
<p>Keys can also be discovered by e-mail, if published by their
owner (see below).</p>
<p>We make it a priority to keep the service fast and reliable.</p>
</li>
<li><b>Key discovery by e-mail address</b>
<p>Users can choose to make a key discoverable for a specific e-mail
address. In order to protect the privacy of our users and
improve the usefulness of the service, some limitations apply:
</p>
<ol>
<li>Only the owner of an e-mail address can make its key discoverable.</li>
<li>Only a single key can be associated with an e-mail address at any one time.</li>
<li>Search is only possible by exact e-mail addresses, not by name or a partial address.</li>
</ol>
<p>Making a key discoverable for an e-mail address requires simple
validation, to prove ownership of the e-mail address. A key
published in this way can be <a href="/vks/manage">deleted</a>
by the owner at any time.
</p>
</li>
<li><b>Preserve user privacy</b>
<p>One of our top priorities is user privacy:
<ul>
<li>We are hosted on
<a href="https://eclips.is" target="_blank">eclips.is</a>,
a hosting provider specifically created to host and
support Internet Freedom efforts. No Cloudflare
involved.</li>
<li>We keep no detailed access logs, only basic operational
usage statistics.</li>
<li>The service can be accessed as a TOR hidden service
(coming SOON).</li>
<li>In the future, we hope to use this platform to
experiment with new mechanisms that improve user
privacy in the OpenPGP ecosystem.</li>
</ul>
</p>
<p>See our <a href="/privacy">Privacy Policy</a> for more details on
how we store and distribute data.</p>
</li>
</ul>
<center><h3>Non-Goals</h3></center>
<ul>
<li><b>Do not distribute spam</b>
<p>Unlike traditional keyservers, <tt>keys.openpgp.org</tt> will
never distribute key material that isn't cryptographically
verified. This protects keys from unwanted spam, and helps
protect the service itself against "denial of service" attacks.
</p>
<p>We also do not distribute "third-party" signatures on keys. These
kinds of signatures were typically used to "sign" the keys of
others, in order to support a "Web of Trust" trust model. This
model as implemented proved ineffective in practice for various
reasons, in particular it allowed attaching arbitrary spam to
any key.
</p>
<p>We are open to alternative approaches that might be implemented
in the future, that avoid this issue.
</p>
</li>
<li><b>We are not a de-facto certification authority</b>
<p>While <tt>keys.openpgp.org</tt> can be used to discover keys
for given e-mail addresses <i>reliably</i>, that does not mean
they are <i>trustworthy</i> in a cryptographic sense.
</p>
<p>That said, we will do what we can to make sure this service is as
reliable and as trustworthy as possible.
</p>
</li>
</ul>
</div>
{{/layout}}
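Review bot: the external links opened with `target="_blank"` in this template (the Hagrid GitLab link, eclips.is, Greenhost and the Wikipedia double opt-in link) carry no `rel="noopener noreferrer"`, so in browsers that do not default to noopener the opened page receives a `window.opener` handle back to keys.openpgp.org and can navigate it; add the attribute to each, e.g. `<a href="https://eclips.is" target="_blank" rel="noopener noreferrer">eclips.is</a>`. Under "Preserve user privacy" the `<ul>` is nested inside a `<p>`; a paragraph cannot contain a list, so browsers close the `<p>` before the `<ul>` and the `</p>` after `</ul>` is left stray. Close the paragraph after "user privacy:" and drop the trailing `</p>`. Also make sure the truncated fragment `<p>This OpenPGP keys` near the top of this hunk is on the removed side, so it does not survive the move of the policy text into the new privacy template.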

View File

@ -1,6 +1,7 @@
{{#> layout }}
<div class="spacer">
<h2>API documentation</h2>
<center><h2><a href="/about">About</a> | <a href="/privacy">Privacy Policy</a> | API Docs</h2></center>
<p>
Hagrid implements both the legacy HKP interface, as well as our
native interface, VKS.
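Review bot: the `About | Privacy Policy | API Docs` header is now hand-copied into the about, privacy and apidoc templates, each with the current entry unlinked; consider moving it into the `layout` partial with the active page passed in, so the three copies cannot drift apart when a fourth page is added. `<center>` is obsolete in HTML5; a class with `text-align: center` in the stylesheet this commit already touches would replace it.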

View File

@ -7,7 +7,6 @@
<div class="row">
<p>
Click <a href="/about">here</a> for more information and our privacy policy.
<a href="/apidoc">API documentation.</a>
</p>
</div>
{{/layout}}
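Review bot: the sentence that remains on the index page still reads `Click <a href="/about">here</a> for more information and our privacy policy.`, but after this commit the privacy policy is served at `/privacy` and the about page only links to it; either link the words "privacy policy" to `/privacy` or reword the sentence so it does not promise the policy at `/about`. Removing the separate `<a href="/apidoc">API documentation.</a>` line is fine now that the API docs are reachable from the new header navigation.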

68
dist/templates/privacy.html.hbs vendored Normal file
View File

@ -0,0 +1,68 @@
{{#> layout }}
<div class="spacer">
<center><h2><a href="/about">About</a> | Privacy Policy | <a href="/apidoc">API Docs</a></h2></center>
<p style="text-align: left;">
The public keyserver running on keys.openpgp.org processes, stores and
distributes OpenPGP key data. The specific way in which data is processed
differs by type as follows:
<ul>
<li><i class="fa fa-envelope"></i> <b>E-Mail Addresses</b>
<p>E-Mail addresses contained in <abbr title="Packet Tag 13">User
IDs</abbr> are personally identifiable information (PII).
Special care is taken to make sure they are used only with
consent:
<ul>
<li>
Publishing requires <a target="_blank"
href="https://en.wikipedia.org/wiki/Opt-in_email#Confirmed_opt-in_(COI)_/_Double_opt-in_(DOI)">double
opt-in</a> validation, to prove ownership of the
e-mail address in question.
</li>
<li>Addresses are searchable by exact E-Mail address,
but not by associated name.</li>
<li>Enumeration of addresses is not possible.</li>
<li>Deletion of addresses is possible via simple proof
of ownership in an automated fashion, similar to
publication. To unlist an address where this isn't
possible, write to support at keys dot openpgp dot
org.
</li>
</ul>
</p>
<p>This data is never handed to third parties.
</p>
</li>
<li><i class="fa fa-key"></i> <b>Public Key Data</b>
<p>The cryptographic content of OpenPGP keys is not considered personally
identifiable information. This includes specifically
<abbr title="Packet Tags 6 and 14">public key material</abbr>,
<abbr title="Packet Tag 2">self-signatures</abbr>, and
<abbr title="Packet Tag 2">revocation signatures</abbr>.
</p>
<p>This data is not usually collectively available ("as
a dump"), but may be handed upon request to third
parties for purposes of development or research.
</p>
</li>
<li><i class="fa fa-user"></i> <b>Other User ID data</b>
<p>An OpenPGP key may contain personal data other than E-Mail
addresses, such as <abbr title="Packet Tag 2">User IDs</abbr>
that do not contain E-Mail addresses, or <abbr title="Packet
Tag 17">image attributes</abbr>. This data is stripped
during upload and never stored, processed, or distributed in
any way.
</p>
<p>OpenPGP packet types that were not specifically mentioned above are
stripped during upload and never stored, processed or
distributed in any way.
</p>
</li>
</ul>
<p style="text-align: left">Data is never relayed to third parties outside of
what is available from the <a href="/apidoc">public API interfaces</a>, and what is described in
this policy.
</p>
</div>
{{/layout}}
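Review bot: under "Other User ID data" the abbreviation reads `<abbr title="Packet Tag 2">User IDs</abbr>`, but the "E-Mail Addresses" item in this same template gives User ID packets as Packet Tag 13, and Tag 2 is already used here for signatures; change the title to `Packet Tag 13`. Two markup points as well: in the "E-Mail Addresses" item the `<ul>` sits inside a `<p>`, which browsers auto-close before a list, leaving the `</p>` after `</ul>` stray, so close the paragraph after "consent:" and drop that `</p>`; and the Wikipedia double opt-in link uses `target="_blank"` without `rel="noopener noreferrer"`.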

View File

@ -409,6 +409,11 @@ fn about() -> Template {
Template::render("about", templates::General::default())
}
#[get("/privacy")]
fn privacy() -> Template {
Template::render("privacy", templates::General::default())
}
#[get("/apidoc")]
fn apidoc() -> Template {
Template::render("apidoc", templates::General::default())
@ -425,6 +430,7 @@ fn rocket_factory(rocket: rocket::Rocket) -> Result<rocket::Rocket> {
// infra
root,
about,
privacy,
apidoc,
files,
// VKSv1