Can't propagate key through public keyservers
Olaf Gellert
olaf.gellert at intrusion-lab.net
Sat Oct 28 10:15:59 CEST 2006
John Clizbe wrote:
> John W. Moore III wrote:
>> I'd recommend hkp://blackhole.pca.dfn.de
>
> I wouldn't, and it has nothing to do with the server choice.
Well, I would not be so harsh. I guess there are
pretty well connected servers (concerning bandwidth
and reliability of network lines) and not so good
connected or equipped (concerning reliable hardware)
ones. Additionally good connectivity always depends
on where YOU actually are (so have all lines from
the server to your client wide bandwidth? No bottle-
neck in between?). And it might even be that a server
that is reachable from random.sks.keyserver.de is
not reachable from my local client.
> Remember, we're discussing automatic key retrieval specified in gpg.conf. One
> doesn't have a forty server drop-down list to cycle through, so it needs to be a
> best guess.
If you ask me cycling AUTOMATICALLY through a local
list of servers could even be a better thing than
random.sks.keyserver.de, because it let's room for
users choices. So maybe random.sks.keyserver.de is
a reasonable default, but may not always be the best
solution. In a list that is stepped through locally
I could decide to enter serverX.wherever.com as
first, serverY.somewhereelse.org as second and
random.sks.keyserver.de as third choice.
> random.sks.keyserver.penguin.de provides the best
> solution of the perennial "which server should I
> use" question.
So as always: Having or proposing just a single
solution is not a good thing. Have lots of
solutions and let people choose what to use
seems better (and having a good default for
those who are not experienced enough to choose
or who don't care). So the solution
"random.sks.keyserver.de" might be a good
default, but who am I to judge what is the
BEST solution?
Cheers, Olaf
--
Dipl.Inform. Olaf Gellert INTRUSION-LAB.NET
Senior Researcher, www.intrusion-lab.net
PKI - and IDS - Services olaf.gellert at intrusion-lab.net
More information about the Gnupg-users
mailing list