keyserver traffic hijacking?
John Clizbe
John at Mozilla-Enigmail.org
Sat Aug 30 18:40:58 CEST 2008
Lawrence Chin wrote:
> I've been confused about one thing. Several days ago when I typed in the
> url http://pool.sks-keyservers.net into my browser, this website called
> www.kim-minh.com kept popping up instead and wouldn't let me go to
> pool.sks-keyservers.net. Is this some sort of traffic hijacking or what?
> Did anyone see the same thing?
Well, what's the problem? There's no 'hijacking' involved -
_THAT'S_How_it's_supposed_to_work_
Kim-Minh's server is usually in the pool, as is mine.
1) pool.sks-keyservers.net is *not* some single machine. It is a collection of
20 server addresses chosen at random from a pool of 30-34 well-connected servers
which is updated twice per day. (See [1])
Because of the way SKS operates, you should consider any and all servers in
pool.sks-keyservers.net to be equivalent, use the pool DNS A record and not
worry about which individual server your OS' resolver code returns to you.
2) Typing http://pool.sks-keyservers.net or, for that matter, http://<any
keyserver name> into a browser will fail a healthy percentage of the time. The
failure is not the fault of the keyserver. Of the 37 SKS servers detailed at
Peter Pramberger's SKS Status page[2], only 14 listen on port 80 in addition to
listening on the SKS default port of 11371.
FWIW, there is no requirement that a SKS server provide an human readable web
page. Most do, but it's not required. If you're set on accessing a server web
page, you must specify the port as well as the specific server, not the
collection name, http://<server name>:11371
[1] http://www.sks-keyservers.net/status/
[2] http://www.pramberger.at/peter/services/keyserver/network/
--
John P. Clizbe Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or
mailto:pgp-public-keys at gingerbear.net?subject=HELP
Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 677 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20080830/62497589/attachment.pgp>
More information about the Gnupg-users
mailing list