keyserver traffic hijacking?

John Clizbe John at Mozilla-Enigmail.org
Sat Aug 30 18:40:58 CEST 2008


Lawrence Chin wrote:
> I've been confused about one thing. Several days ago when I typed in the
> url http://pool.sks-keyservers.net into my browser, this website called
> www.kim-minh.com kept popping up instead and wouldn't let me go to
> pool.sks-keyservers.net. Is this some sort of traffic hijacking or what?
> Did anyone see the same thing?

Well, what's the problem? There's no 'hijacking' involved -
_THAT'S_How_it's_supposed_to_work_

Kim-Minh's server is usually in the pool, as is mine.

1) pool.sks-keyservers.net is *not* some single machine. It is a collection of
20 server addresses chosen at random from a pool of 30-34 well-connected servers
which is updated twice per day. (See [1])

Because of the way SKS operates, you should consider any and all servers in
pool.sks-keyservers.net to be equivalent, use the pool DNS A record and not
worry about which individual server your OS' resolver code returns to you.

2) Typing http://pool.sks-keyservers.net or, for that matter, http://<any
keyserver name> into a browser will fail a healthy percentage of the time. The
failure is not the fault of the keyserver. Of the 37 SKS servers detailed at
Peter Pramberger's SKS Status page[2], only 14 listen on port 80 in addition to
listening on the SKS default port of 11371.

FWIW, there is no requirement that a SKS server provide a human-readable web
page. Most do, but it's not required. If you're set on accessing a server web
page, you must specify the port as well as the specific server, not the
collection name, http://<server name>:11371

[1] http://www.sks-keyservers.net/status/
[2] http://www.pramberger.at/peter/services/keyserver/network/

-- 
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"
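
Added example, not part of the original message or of SKS: a Python check that lists every address behind a round-robin pool name and reports which ones accept TCP on the HKP port 11371 and on port 80, the two ports the message contrasts. The function names are illustrative, and the resolver and connect parameters are assumptions added so the logic can be exercised without network access.

```python
import socket

HKP_PORT = 11371   # SKS/HKP default port, per the message above
HTTP_PORT = 80     # only some pool members also listen here


def resolve_all(name, resolver=socket.getaddrinfo):
    """Return every distinct IPv4 address behind a round-robin DNS name."""
    infos = resolver(name, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def port_open(addr, port, timeout=3.0, connect=socket.create_connection):
    """True if a TCP connection to addr:port succeeds within the timeout."""
    try:
        conn = connect((addr, port), timeout)
    except OSError:          # refused, unreachable or timed out
        return False
    conn.close()
    return True


def survey_pool(name, resolver=socket.getaddrinfo,
                connect=socket.create_connection):
    """Map each address behind `name` to which of the two ports accept TCP."""
    return {
        addr: {port: port_open(addr, port, connect=connect)
               for port in (HKP_PORT, HTTP_PORT)}
        for addr in resolve_all(name, resolver)
    }


if __name__ == "__main__":
    import sys
    # Usage: python survey_pool.py <pool name>
    for addr, ports in survey_pool(sys.argv[1]).items():
        print(addr,
              "hkp" if ports[HKP_PORT] else "-",
              "http" if ports[HTTP_PORT] else "-")
```

A pool member that shows "hkp" but not "http" is the case where typing the bare pool name into a browser fails even though the keyserver itself is healthy.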



More information about the Gnupg-users mailing list