David Shaw dshaw at
Thu Mar 10 14:17:54 CET 2005

On Wed, Mar 09, 2005 at 11:13:55PM -0500, Jason Harris wrote:
> On Wed, Mar 09, 2005 at 09:07:13PM -0500, David Shaw wrote:
> > On Wed, Mar 09, 2005 at 04:43:18PM -0600, David T Kerns wrote:
> > > I've set up a keyserver inside the corporate firewall and am hoping to have
> > > that one system share keys with a public server.
> > > My thoughts are I only have to configure one system to barrel through the
> > > firewall rather than every user on every server in my network.
> > > Certainly I'm not the first one to encounter this. Can anyone point me to
> > > some documentation?
> > 
> > It depends on what kind of keyserver you have set up.  If it's the
> > OpenLDAP sort, then they don't sync with other servers (except in the
> > LDAP sense of sync - and there aren't any public servers that sync
> > that way).  If it's SKS or PKS, then you can sync via email.
> Actually, ldap:// receives syncs. via email
> and sends a nightly email with the day's updates.  (Of course, both
> keyservers remain unsynchronized.)  (Also, I think the older
> software can sync. via sockets, but I don't know that it was ever
> used to sync. and is not the "OpenLDAP sort" of keyserver.  It's one
of the old NAI keyservers.  They're sort of LDAP on the front end, but
not really.  I'm not even sure this is still sold as a product,
actually. runs two keyservers: one NAI and one OpenLDAP.
Bottom line is, they're not the same thing.

> > Your best bet is to subscribe to the pgp-keyserver-folk list at:
> > 
> >
> That one's still broken.  See my first reply for the backup list URL.
> (Don't worry, Thomas just posted the wrong URL too.  :)

This is silly.  If the version of the list is broken, is
there a reason why not to fix it?  And if it isn't going to be fixed,
why not just make a new list (or promote the backup) and be done with
it rather than have two lists, neither being the One True List?


More information about the Gnupg-users mailing list