How much load are keyservers willing to handle?

Jason Harris jharris at
Thu Dec 19 02:04:11 CET 2013

On Wed, Dec 18, 2013 at 10:20:26PM +0000, adrelanos wrote:

> I am planing to write a script, which will refresh the apt signing key
> before updating using "apt-get update". The script might get accepted in
> Debian. [1] With my Whonix hat on, it's safe to say, that this script
> will be added to Whonix (which is a derivative of Debian).
> Writing that script would be much simpler if it could re-use the
> existing keyserver infrastructure. Now imagine if this gets added to
> Debian, that all users of Debian and all its derivatives will always
> refresh their signing key against keyservers? Could keyservers cope up
> with the load?
> The legal question would be interesting, but don't worry, if you ask me
> not to use keyservers for this, I'll use a mechanism outside of keyservers.

> [1]

1) setup your own DNS so you can shut things off if anything goes wrong!
	(you can use or others, no servers required)
2) probably best discussed on the sks-devel list, Reply-To set accordingly
3) try running your own keyserver(s), SKS is easy enough to deploy

Jason Harris           |  PGP:  This _is_ PGP-signed, isn't it?
jharris at _|_ Got photons? (TM), (C) 2004
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 314 bytes
Desc: not available
URL: </pipermail/attachments/20131218/22b8f5dc/attachment.sig>

More information about the Gnupg-users mailing list