keyserver

David Shaw dshaw at jabberwocky.com
Thu Mar 10 14:17:54 CET 2005


On Wed, Mar 09, 2005 at 11:13:55PM -0500, Jason Harris wrote:
> On Wed, Mar 09, 2005 at 09:07:13PM -0500, David Shaw wrote:
> > On Wed, Mar 09, 2005 at 04:43:18PM -0600, David T Kerns wrote:
> 
> > > I've set up a keyserver inside the corporate firewall and am hoping to have
> > > that one system share keys with a public server.
> > > My thoughts are I only have to configure one system to barrel through the
> > > firewall rather than every user on every server in my network.
> > > Certainly I'm not the first one to encounter this. Can anyone point me to
> > > some documentation?
> > 
> > It depends on what kind of keyserver you have set up.  If it's the
> > OpenLDAP sort, then they don't sync with other servers (except in the
> > LDAP sense of sync - and there aren't any public servers that sync
> > that way).  If it's SKS or PKS, then you can sync via email.
> 
> Actually, ldap://horowitz.surfnet.nl:11370 receives syncs. via email
> and sends a nightly email with the day's updates.  (Of course, both
> pgp.com keyservers remain unsynchronized.)  (Also, I think the older
> software can sync. via sockets, but I don't know that it was ever
> used to sync. surfnet.nl and pgp.com.)

horowitz.surfnet.nl is not the "OpenLDAP sort" of keyserver.  It's one
of the old NAI keyservers.  They're sort of LDAP on the front end, but
not really.  I'm not even sure this is still sold as a product,
actually.  pgp.com runs two keyservers: one NAI and one OpenLDAP.
Bottom line is, they're not the same thing.

> > Your best bet is to subscribe to the pgp-keyserver-folk list at:
> > 
> >    http://lists.alt.org/mailman/listinfo/pgp-keyserver-folk
> 
> That one's still broken.  See my first reply for the backup list URL.
> (Don't worry, Thomas just posted the wrong URL too.  :)

This is silly.  If the lists.alt.org version of the list is broken, is
there a reason why not to fix it?  And if it isn't going to be fixed,
why not just make a new list (or promote the backup) and be done with
it rather than have two lists, neither being the One True List?

David



More information about the Gnupg-users mailing list