How much load are keyservers willing to handle?

Jason Harris jharris at widomaker.com
Thu Dec 19 02:04:11 CET 2013


On Wed, Dec 18, 2013 at 10:20:26PM +0000, adrelanos wrote:

> I am planing to write a script, which will refresh the apt signing key
> before updating using "apt-get update". The script might get accepted in
> Debian. [1] With my Whonix hat on, it's safe to say, that this script
> will be added to Whonix (which is a derivative of Debian).
> 
> Writing that script would be much simpler if it could re-use the
> existing keyserver infrastructure. Now imagine if this gets added to
> Debian, that all users of Debian and all its derivatives will always
> refresh their signing key against keyservers? Could keyservers cope up
> with the load?
> 
> The legal question would be interesting, but don't worry, if you ask me
> not to use keyservers for this, I'll use a mechanism outside of keyservers.

> [1] http://lists.debian.org/debian-security/2013/12/msg00031.html

1) setup your own DNS so you can shut things off if anything goes wrong!
	(you can use dyn.com or others, no servers required)
2) probably best discussed on the sks-devel list, Reply-To set accordingly
3) try running your own keyserver(s), SKS is easy enough to deploy

-- 
Jason Harris           |  PGP:  This _is_ PGP-signed, isn't it?
jharris at widomaker.com _|_ Got photons? (TM), (C) 2004
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 314 bytes
Desc: not available
URL: </pipermail/attachments/20131218/22b8f5dc/attachment.sig>


More information about the Gnupg-users mailing list