querying multiple keyservers

David Shaw dshaw@jabberwocky.com
Wed Apr 23 23:06:02 2003


--3siQDZowHQqNOShm
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Apr 23, 2003 at 07:34:15PM +0100, Neil Williams wrote:
Content-Description: signed data
> On Wednesday 23 April 2003 5:15 pm, darren chamberlain wrote:
> > * Todd <Freedom_Lover at pobox.com> [2003-04-23 11:51]:
> > > I know that we could also just maintain a group keyring, but I was
> > > looking to have some fun learning about running pks.
> >
> > What about setting up a local keyserver that syncs against a remote
> > keyserver, and then just simply use that one for everything?
> >
> > (darren)
>=20
> I was thinking of the same thing for my own LUG. Darren, I looked at
> your idea myself but only if the sync was uni-directional. If the
> smaller keyserver sends keys to the main keyservers, the
> functionality of removing keys is lost.
>=20
> How does the keyserver protocol implement the sync? Can it be done
> so that the smaller keyserver only refreshes existing keys and
> doesn't ever send any keys to any other main keyserver. (Along the
> lines of limiting the small keyserver to a function akin to gpg
> --refresh-keys).

Believe it or not, the most common sync protocol is email - each
keyserver emails a bunch of keys to the next.  You can do it one-way
if you want, but there is no current functionality that implements
something akin to --refresh-keys.  You might ask on the
pgp-keyserver-folk@flame.org mailing list.

> Is a keyserver just a public ring with extra software added?

Something like that.  See http://sks.sourceforge.net/ and
http://pks.sourceforge.net/

David

--3siQDZowHQqNOShm
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2rc2 (GNU/Linux)
Comment: http://www.jabberwocky.com/david/keys.asc

iD8DBQE+pwBk4mZch0nhy8kRAnMEAKCjn/24Wrw38lCgqEtgxJ0HSthtQQCfWEMB
mn1GbvL8mgW8W7W/yXW7WHs=
=YmDM
-----END PGP SIGNATURE-----

--3siQDZowHQqNOShm--