Key Servers - PGP
-
Key Servers
I have updated the list of public key servers in my PGP pages. The
list now includes SKS servers (and a link to find more servers in
that network).
The list was updated as a result of a test I ran 4-10 September to
see how well selected servers synchronize with each other.
I generated several test keys and uploaded one to each of several
servers. I then timed how long it took each key to reach the other
servers. Then I updated each test key by adding a new user ID and
uploaded them. I timed how long it took each updated key to reach
the other servers. Finally, I revoked all the test keys, again
uploaded them, and timed how long the revocations took to reach the
other servers.
During this test, I deleted several servers from my list because
they no longer work. One server that had not been synchronizing
before now synchronizes quite well. Other servers no longer (or
still fail to) synchronize after 48 hours. I no longer list such
servers in my main list. I feel non-synchronizing servers should
be avoided and now list them separately with a warning.
One outcome of this test is that I no longer have any LDAP key
servers on my list. In particular, the LDAP keyserver.pgp.com (and
its alias certserver.pgp.com, operated by PGP Corp.) fails to
synchronize with other servers. If anyone knows of an LDAP server
that not only functions but also synchronizes with other servers,
please let me know.
See .
--
David E. Ross
I use Mozilla as my Web browser because I want a browser that
complies with Web standards. See .
-
Re: Key Servers
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
David Ross wrote in
news:41429387.5412B5C@nowhere.not:
> One outcome of this test is that I no longer have any LDAP key
> servers on my list. In particular, the LDAP keyserver.pgp.com (and
> its alias certserver.pgp.com, operated by PGP Corp.) fails to
> synchronize with other servers. If anyone knows of an LDAP server
> that not only functions but also synchronizes with other servers,
> please let me know.
How about LDAP europe.keys.pgp.com? I don't know if it synchs, but it
seems to be working properly right now (wasn't several days ago when I
last checked it).
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
Comment: My PGP Page & FAQ: http://www.McCune.cc/PGP.htm
-----END PGP SIGNATURE-----
-
Re: Key Servers
Tom McCune wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> David Ross wrote in
> news:41429387.5412B5C@nowhere.not:
>
> > One outcome of this test is that I no longer have any LDAP key
> > servers on my list. In particular, the LDAP keyserver.pgp.com (and
> > its alias certserver.pgp.com, operated by PGP Corp.) fails to
> > synchronize with other servers. If anyone knows of an LDAP server
> > that not only functions but also synchronizes with other servers,
> > please let me know.
>
> How about LDAP europe.keys.pgp.com? I don't know if it synchs, but it
> seems to be working properly right now (wasn't several days ago when I
> last checked it).
europe.keys.pgp.com is not synchronizing well. More than 5 days
after I uploaded my test keys, it has only two of the seven I
uploaded to other servers. Neither of my two test keys on
europe.keys.pgp.com is revoked, more than 10 hours after I
uploaded the revocations, again to other servers.
europe.keys.pgp.com is actually an alias for horowitz.surfnet.nl,
which was the only LDAP server I had on the list in my PGP
options. This was my most preferred server and was to be part of
my test. Before I uploaded its test key, however, I deleted
horowitz.surfnet.nl from my PGP options and from my list on my Web
page when it would not return any keys (even my "real" keys, which
it had for almost three years). While it now returns my "real"
keys, it still is not properly synchronizing. If someone later
determines that horowitz.surfnet.nl is working correctly and
synchronizing promptly, I will return it to the list on my Web page
(after I personally test it).
I noticed that other aliases of horowitz.surfnet.nl are now aliases
of minsky.surfnet.nl. These are keys.pgpi.net, pgp.surfnet.nl, and
wwwkeys.nl.pgp.net. However, minsky.surfnet.nl does not seem to
accept the LDAP protocol. The test key I planned to use for
horowitz.surfnet.nl I instead used for minsky.surfnet.nl.
One of the seven test keys was uploaded to non-synchronizing
keyserver.pgp.com. When it failed to propagate to other servers
after 48 hours, I revoked it on keyserver.pgp.com. An eighth
server -- nicpgp1.nic.ad.jp -- was to have also been tested; this
one seems dead now. Other servers on my Web page that have test
dates in the range 5-10 September 2004 were queried to ensure all
my test keys appeared in their correct state (new, updated, or
revoked) at the time of the query.
--
David E. Ross
I use Mozilla as my Web browser because I want a browser that
complies with Web standards. See .
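The state check described in this thread (whether each test key appears as new, updated, or revoked on a given server), as an added example that is not part of any post. It assumes the servers answer with HKP machine-readable index output (`op=index&options=mr`); the server names, key ID and replies are constructed.

```python
# Added example (not from the thread). Server names, key ID and replies
# below are constructed; the format assumed is HKP "options=mr" index output:
#   pub:<keyid>:<algo>:<bits>:<created>:<expires>:<flags>   ('r' = revoked)
#   uid:<escaped uid>:<created>:<expires>:<flags>

def key_state(mr_index, key_id, original_uids=1):
    """Classify key_id in one server's reply: missing/new/updated/revoked."""
    want = key_id.upper()
    if want.startswith("0X"):
        want = want[2:]
    found = revoked = in_key = False
    uids = 0
    for line in mr_index.splitlines():
        f = line.strip().split(":")
        if f[0] == "pub":
            got = f[1].upper() if len(f) > 1 else ""
            # Servers may return a short ID, long ID or full fingerprint.
            in_key = bool(got) and (got.endswith(want) or want.endswith(got))
            if in_key:
                found = True
                revoked = revoked or (len(f) > 6 and "r" in f[6])
        elif f[0] == "uid" and in_key:
            uids += 1  # a user ID added after upload marks the key "updated"
    if not found:
        return "missing"
    if revoked:
        return "revoked"
    return "updated" if uids > original_uids else "new"

def lagging_servers(replies, key_id, expected):
    """Servers whose copy of the key has not reached the expected state."""
    order = ["missing", "new", "updated", "revoked"]
    return sorted(s for s, body in replies.items()
                  if order.index(key_state(body, key_id)) < order.index(expected))

KEY_ID = "0x0123456789ABCDEF"  # constructed placeholder key ID
_PUB = "info:1:1\npub:0123456789ABCDEF:17:1024:1094774400::"
_UIDS = ("\nuid:Sync Test <t@example.invalid>:1094774400::"
         "\nuid:Sync Test 2 <t@example.invalid>:1094860800::\n")
REPLIES = {  # constructed sample replies, one per hypothetical server
    "ks-a.example": _PUB + "r" + _UIDS,  # revocation has arrived
    "ks-b.example": _PUB + _UIDS,        # has the second user ID, no revocation
    "ks-c.example": "",                  # key never arrived
}

if __name__ == "__main__":
    for server, body in REPLIES.items():
        print(server, key_state(body, KEY_ID))
    print("not yet revoked:", lagging_servers(REPLIES, KEY_ID, "revoked"))
```

A server that still reports `updated` or `missing` after the revocation was uploaded elsewhere is one that clients relying on it would keep trusting a revoked key from.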