Re: [Sks-devel] pool.sks-keyservers.net in seahorse

[Daniel Kahn Gillmor]

On 03/29/2011 01:53 PM, Phil Pennock wrote:
> On 2011-03-29 at 12:14 -0400, Daniel Kahn Gillmor wrote:
>> I don't use seahorse regularly, but i recently convinced them to replace
>> (old, broken, non-syncing) pgp.mit.edu with a pointer to
>> pool.sks-keyservers.net:
> 
> Uhm, the pgp.mit.edu which is running SKS and syncing with 10 peers?

yes, and for whatever reason is more than a hundred thousand keys behind
the rest of the pool:

 http://pgp.mit.edu:11371/pks/lookup?op=stats

>>> Total number of keys: 2823646

http://sks-keyservers.net/status/

mean number of keys for servers in the pool as of right now:

  2928755

I've reported problems with this keyserver before, and they haven't been
fixed.  It is not a member of the pool, thanks to kristian's reasonable
consensus-based filtering rules.

I really wish that pgp.mit.edu would either be fully maintained, or
taken offline completely.  It occupies an unusual place in the global
keyserver infrastructure due to its conveniently short name and
widespread historical use.  But its current state does its users a major
disservice, because they do not receive timely certification updates,
and (more importantly) timely revocations.  (for comparison, see the
ongoing discussion in the X.509 world about broken revocation
infrastructure brought to light by the recent comodo compromise).

I'd rather the keyserver report a clear error (e.g. "could not connect")
than serve significantly out-of-date information and claim it is current.

Regards,

        --dkg

signature.asc
Description: OpenPGP digital signature