Questions about OpenPGP best practices

Niels Laukens niels at dest-unreach.be
Tue Feb 26 11:03:06 CET 2013


On 2013-02-26 09:14, Daniel Kahn Gillmor wrote:
> On 02/25/2013 11:52 PM, Niels Laukens wrote:
>> I find *.sks-keyservers.net unusable (unfortunately).
>>
>> More often than not, I get this:
>> gpgkeys: HTTP fetch error 7: couldn't connect: End of file
>>
>> tcpdump shows me that the server just closes the connection without an
>> answer.
>> It does work from time to time, so when doing a manual --recv-key, I
>> usually get the key within a few tries. But when using e.g. caff (which
>> does not retry), it's unusable.
> 
> please report this to the sks-devel list, where Kristian has been
> supporting these pools.  I think he would appreciate hearing about the
> problems you're describing:
> 
>  SKS development list <sks-devel at nongnu.org>

OK, I'll take the discussion there.


>> And while pgp.mit.edu might not be the best keyserver, it works... (from
>> my experience at least).
> 
> If your definition of "works" includes staying well-synced with the
> strong set, pgp.mit.edu does not have a great record of working.

My definition of "works" usually is "I want to sign a key / verify a sig
and I don't have the key in my keyring. I need to get it". Up until now,
mit's server was "well enough"-synced to provide me with the data I needed.
But I do agree with the points raised, and want to migrate to a "better"
keyserver. However, I don't want to sacrifice reliability (by a huge
factor) in order to do that.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 906 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20130226/97f01aaf/attachment.pgp>


More information about the Gnupg-users mailing list