Recommended keyserver

John Clizbe JPClizbe at comcast.net
Fri Oct 14 04:11:04 CEST 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Lares Moreau wrote:
> Is there a recommended(read Endorsed) Keyserver?

There is NO officially recommended or endorsed key server.

> I'm looking at the documentation we have here at gentoo.org and it
> recommends pgp.mit.edu. It has been suggested that this server is old
> and broken.  Is this the case?

pgp.mit.edu works fine for older keys. It runs the PGP Key Server (pks). PKS
does not handle V4 key features well. Notable examples of mangled features
are multiple subkeys, a revoked subkey (tag 0x28), duplicate keyids, direct
key signatures (tag 0x1F), revocation signatures on userids (tag 0x30), or
photo IDs. There is also no development or maintenance being done on the pks
platform. One exception to the pks servers is keyserver.kjsl.com, which has
been patched to not mangle keys; however, it drops photo IDs.

The one PKS server at kjsl.com, the LDAP keyservers (only one is still on
the 'net and it's unsynchronized, ldap://keyserver-legacy.pgp.com), and the
SKS servers handle v4 keys correctly.

The current platform of choice is known as the Synchronizing Key Server
(SKS). It is written to fully comply with OpenPGP specifications.

subkeys.pgp.net is a round-robin DNS lookup of four servers. Three SKS
servers and the server at keyserver.kjsl.com.

The address some of my correspondents and myself and refer to most users is
x-hkp://random.sks.keyserver.penguin.de. It's a round-robin alias that is
updated daily with the operational servers in SKS' universe.

For my own use, I use minsky.surfnet.nl. It's easy for me to remember (Yaron
Minsky wrote SKS and its Gossip protocol.) It's also short to type.
- --
John P. Clizbe                   Inet:   JPClizbe(a)comcast DOT nyet
Golden Bear Networks             PGP/GPG KeyID: 0x608D2A10
"Be who you are and say what you feel because those who mind don't matter
and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3-cvs-3909-2005-10-12 (MingW32)
Comment: When cryptography is outlawed, b25seSBvdXRsYXdzIHdpbGwgdXNlIG
Comment: Be part of the £33t ECHELON -- Use Strong Encryption.
Comment: It's YOUR right - for the time being.
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQCVAwUBQ08Tsr4fmBEYuzc6AQJ9gAP/VoBrVdi/76JIAzug/hkfIPSGVVyH8XZx
EQdc6J3TZsM0ayorw4pJ3WDcjh9FQADvLqXl+Ew1mhQSMN8KXNFTlHTAMufn0bB6
HMpLAcXy9X/pcEMC969fs3pBe+Kir/wMvYVpw4DKYcqRc8FvMVt/y9hklqo6U+tt
m1r5pWHUgmmIPwMFAUNPE7YdBKxKYI0qEBECfPEAoIlabmHAk0bu7o8hryfD9Afu
P7n3AKCLtM0qM/5FUB2e6oiRE3h7gOSElg==
=9SWo
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list