Update keys.gnupg.net? Re: [Announce] GnuPG 2.2.29 (LTS) released
Andrew Gallagher
andrewg at andrewg.com
Mon Jul 19 12:00:47 CEST 2021
On 19/07/2021 09:21, Bernhard Reiter wrote:
> Am Mittwoch 14 Juli 2021 09:47:35 schrieb Ingo Klöcker:
>> But then again, nobody seems to have noticed
>> that keys.gnupg.net is gone since I don't know when.
>
> I've noticed and it isn't that long gone.
> (I guess several months, the problem with this is, that keys.gnupg.net
> always was not sure to get you to a working server, so you didn't know if it
> was a bad server you were getting or keys.gnupg.net not working at all.)
Indeed. Even with regular spidering of the graph, the sks-keyservers
pools were slow to react to unresponsive servers - and there were
seemingly infinite forms of vague unreliability that didn't trigger
removal from the pool. DNS is too clunky for load balancing. And that's
before considering the (legal and other) issues arising from using your
own domain name to front a service that you have no control over.
> If it wasn't a DNS entry, maybe can can create a round robin one.
I'd strongly caution against DNS round robin for the aforementioned
reasons. Much better to pick a trustworthy, reliable, single (or
properly load-balanced) keyserver and point directly to it.
(If you want to run an actual keyserver that syncs with the rest of the
graph, I'd be happy to help.)
--
Andrew Gallagher
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20210719/c36b8c57/attachment.sig>
More information about the Gnupg-devel
mailing list