Problem with keyserver

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Jan 26 23:29:43 CET 2011


On 01/26/2011 05:13 PM, Jerry wrote:
> Thanks, I have added that URL. Now, if I might ask a stupid question,
> is there a specific port number that is used? I just want to make sure
> my firewall is set up correctly. Presently I have it set up to allow any
> port # for those URLs.

hrm, sounds like you are doing some serious fiddling with your settings.
 the names i listed are hostnames, not URLs.  and the DNS round robins
are hostnames that resolve to different IP addresses.  If you're putting
these into some sort of IP-level firewall configuration, please be aware
that the IP addresses of either pool may change frequently and/or
without warning.

The expectation is that HKP keyservers will listen on port 11371, but
port 80 is also widely used:

 https://tools.ietf.org/html/draft-shaw-openpgp-hkp-00#section-2

Note that these are ports that your client (gnupg, presumably) connects
*to* on those machines, not the other way around.

Is your firewall really limiting outbound access like this?  If your
firewall is only limiting inbound access, you should not have to adjust
it to use HKP keyservers.

	--dkg
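
Added example, not part of the original message and not GnuPG code: a Python check that resolves a keyserver hostname to every address it currently returns and tries an outbound TCP connection to each on the two ports named above (11371 and 80). `keyserver.example` is a placeholder hostname, since this message does not name the pools.

```python
import socket
import sys

HKP_PORTS = (11371, 80)  # the two ports named in the message above

def resolve_all(host, port):
    """Return each distinct (family, sockaddr) the name resolves to right now."""
    seen = []
    for family, _t, _p, _c, sockaddr in socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM):
        if (family, sockaddr) not in seen:
            seen.append((family, sockaddr))
    return seen

def probe(host, ports=HKP_PORTS, timeout=3.0):
    """Attempt an outbound TCP connect to every resolved address on each port.

    Returns {(address, port): state}; state is "open", "refused", "timeout",
    or an error string.
    """
    results = {}
    for port in ports:
        try:
            targets = resolve_all(host, port)
        except socket.gaierror as exc:
            results[(host, port)] = f"dns failure: {exc}"
            continue
        for family, sockaddr in targets:
            sock = socket.socket(family, socket.SOCK_STREAM)
            sock.settimeout(timeout)
            try:
                sock.connect(sockaddr)
                state = "open"
            except ConnectionRefusedError:
                state = "refused"      # the connection was actively rejected
            except socket.timeout:
                state = "timeout"      # usually a filter silently dropping packets
            except OSError as exc:
                state = f"error: {exc}"
            finally:
                sock.close()
            results[(sockaddr[0], port)] = state
    return results

if __name__ == "__main__":
    # "keyserver.example" is a placeholder; pass the real pool hostname.
    host = sys.argv[1] if len(sys.argv) > 1 else "keyserver.example"
    for (addr, port), state in sorted(probe(host).items()):
        print(f"{addr}:{port}\t{state}")
```

Running it twice against a round-robin name can list different addresses, which is why a rule keyed on destination port holds up better than one keyed on IP address.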
