Update keys.gnupg.net? Re: [Announce] GnuPG 2.2.29 (LTS) released

Andrew Gallagher andrewg at andrewg.com
Mon Jul 19 12:00:47 CEST 2021


On 19/07/2021 09:21, Bernhard Reiter wrote:
> On Wednesday 14 July 2021 09:47:35, Ingo Klöcker wrote:
>>   But then again, nobody seems to have noticed
>> that keys.gnupg.net is gone since I don't know when.
> 
> I've noticed and it isn't that long gone.
> (I guess several months, the problem with this is, that keys.gnupg.net
> always was not sure to get you to a working server, so you didn't know if it
> was a bad server you were getting or keys.gnupg.net not working at all.)

Indeed. Even with regular spidering of the graph, the sks-keyservers 
pools were slow to react to unresponsive servers - and there were 
seemingly infinite forms of vague unreliability that didn't trigger 
removal from the pool. DNS is too clunky for load balancing. And that's 
before considering the (legal and other) issues arising from using your 
own domain name to front a service that you have no control over.

> If it wasn't a DNS entry, maybe one can create a round robin one.

I'd strongly caution against DNS round robin for the aforementioned 
reasons. Much better to pick a trustworthy, reliable, single (or 
properly load-balanced) keyserver and point directly to it.

(If you want to run an actual keyserver that syncs with the rest of the 
graph, I'd be happy to help.)

-- 
Andrew Gallagher
