How much load are keyservers willing to handle?

adrelanos adrelanos at riseup.net
Wed Dec 18 23:20:26 CET 2013


Hi,

I am planing to write a script, which will refresh the apt signing key
before updating using "apt-get update". The script might get accepted in
Debian. [1] With my Whonix hat on, it's safe to say, that this script
will be added to Whonix (which is a derivative of Debian).

Writing that script would be much simpler if it could re-use the
existing keyserver infrastructure. Now imagine if this gets added to
Debian, that all users of Debian and all its derivatives will always
refresh their signing key against keyservers? Could keyservers cope up
with the load?

The legal question would be interesting, but don't worry, if you ask me
not to use keyservers for this, I'll use a mechanism outside of keyservers.

Cheers,
adrelanos

[1] http://lists.debian.org/debian-security/2013/12/msg00031.html



More information about the Gnupg-users mailing list