Keyserver refresh period after gpg --send-keys

Jason Harris jharris at widomaker.com
Mon Feb 19 17:51:02 CET 2007 

On Sun, Feb 18, 2007 at 11:31:55PM -0500, David Shaw wrote:
> On Sun, Feb 18, 2007 at 11:11:37PM +0100, Bruno Costacurta wrote:

> > I updated the expiration (via gpg --edit-key using expire option) of my key 
> > and (re)sended it to a keyserver (via gpg --send-keys [my key id]) to 
> > keyserver subkeys.pgp.net.
> > However key is still not updated after few hours.
> > What are normal delays ? 

Keys do get temporarily "trapped" on the SKS keyserver network until
keyserver.kjsl.com copies them over to the rest of the planet.

BTW, your subkey isn't currently usable:

  sub  2048g/0CC897B5 2006-06-11 [subkey]
       Key fingerprint = CCE0 5315 0022 9460 0337  6C6F 4253 1C9A 0CC8 97B5
  sig  0x18  2E604D51 2006-06-11 [skey EXPIRED 2006-12-08] [keybind, hash: type 2, e0 0f]
  sig  0x18  2E604D51 2006-06-11 [skey EXPIRED 2006-12-08] [keybind, hash: type 2, e0 0f]

> There is not an easy answer to that question.  subkeys.pgp.net is not
> actually a keyserver, but rather a collection of (at the moment) 5
> different keyservers.  When you use it, you get one server from the
> pool in a round-robin fashion.  Generally speaking, any given
> keyserver in the pool that you update reflects the update immediately,
> but frequently people update one keyserver in the pool, but then check
> for the update from another server in the pool which hasn't gotten it
> yet.

NB:  I think if GPG printed the IP address of the keyserver it used, it
could end some of this confusion.

Specifically, these were in a batch update from SKS to onak/OpenPKSD/pks/
etc. (all times are TZ=UTC):

  2007-02-06 23:02:08.290952260 display_new_sig: new sig 28 by 2E604D51 added to 2E604D51 Bruno Costacurta <bruno at costac...
  2007-02-06 23:02:08.291023778 display_new_sig: new subkey sig by 2E604D51 added to 2E604D51

these were first seen from pgp.nic.ad.jp:

  2007-02-16 13:41:00.597122207 display_new_sig: new sig 1 by 2E604D51 added to 2E604D51 Bruno Costacurta <bruno at costac...
  2007-02-16 13:41:00.597182829 display_new_sig: new sig 2 by 2E604D51 added to 2E604D51 pubmb02 <pubmb02 at skynet.be>

and these were in another batch update:

  2007-02-18 23:02:27.870255691 display_new_sig: new sig 71 by 2E604D51 added to 2E604D51 Bruno Costacurta <bruno at costac...
  2007-02-18 23:02:27.870319946 display_new_sig: new sig 72 by 2E604D51 added to 2E604D51 pubmb02 <pubmb02 at skynet.be>

-- 
Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
jharris at widomaker.com _|_ web:  http://keyserver.kjsl.com/~jharris/
          Got photons?   (TM), (C) 2004
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 313 bytes
Desc: not available
Url : /pipermail/attachments/20070219/0ef23c22/attachment.pgp

More information about the Gnupg-users mailing list