Keyserver/security bug 1447 (and 1446 too)

Phil Pennock gnupg-devel at spodhuis.org
Tue Dec 4 10:21:13 CET 2012


On 2012-12-04 at 07:43 +0100, Werner Koch wrote:
> If you want me to delegate keys.gnupg.net to another pool operator
> group, please let me know.

If you want to get out of the issue entirely, I recommend taking a look
at <http://www.sks-keyservers.net/overview-of-pools.php> and picking one to
CNAME to.  I suggest "ha.pool.sks-keyservers.net".

My estimate of the attitude of the SKS keyserver operators is that there
is no contention in stating that Kristian's keyserver DNS pools are a de
facto standard.  The only other pools in operation that I even know of
are run by me, and they deliberately have obnoxiously long names to
discourage public use.

If you want to avoid tying into SKS and want to maintain closer control
than a CNAME, then the code I use (written in Go) is at
<https://github.com/syscomet/sks_spider> and includes the DNS creation
script in contrib/.  It only examines SKS, but if you want to handle
more than that then it's a reasonable starting point.

Regards,
-Phil


