[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] pool.sks-keyservers.net in seahorse
From: |
Daniel Kahn Gillmor |
Subject: |
Re: [Sks-devel] pool.sks-keyservers.net in seahorse |
Date: |
Tue, 29 Mar 2011 14:06:34 -0400 |
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.15) Gecko/20110309 Icedove/3.1.9 |
On 03/29/2011 01:53 PM, Phil Pennock wrote:
> On 2011-03-29 at 12:14 -0400, Daniel Kahn Gillmor wrote:
>> I don't use seahorse regularly, but i recently convinced them to replace
>> (old, broken, non-syncing) pgp.mit.edu with a pointer to
>> pool.sks-keyservers.net:
>
> Uhm, the pgp.mit.edu which is running SKS and syncing with 10 peers?
yes, and for whatever reason is more than a hundred thousand keys behind
the rest of the pool:
http://pgp.mit.edu:11371/pks/lookup?op=stats
>>> Total number of keys: 2823646
http://sks-keyservers.net/status/
mean number of keys for servers in the pool as of right now:
2928755
I've reported problems with this keyserver before, and they haven't been
fixed. It is not a member of the pool, thanks to kristian's reasonable
consensus-based filtering rules.
I really wish that pgp.mit.edu would either be fully maintained, or
taken offline completely. It occupies an unusual place in the global
keyserver infrastructure due to its conveniently short name and
widespread historical use. But its current state does its users a major
disservice, because they do not receive timely certification updates,
and (more importantly) timely revocations. (for comparison, see the
ongoing discussion in the X.509 world about broken revocation
infrastructure brought to light by the recent comodo compromise).
I'd rather the keyserver report a clear error (e.g. "could not connect")
than serve significantly out-of-date information and claim it is current.
Regards,
--dkg
signature.asc
Description: OpenPGP digital signature
- [Sks-devel] pool.sks-keyservers.net in seahorse, Daniel Kahn Gillmor, 2011/03/29
- Re: [Sks-devel] pool.sks-keyservers.net in seahorse, Phil Pennock, 2011/03/29
- Re: [Sks-devel] pool.sks-keyservers.net in seahorse, David Shaw, 2011/03/29
- Re: [Sks-devel] pool.sks-keyservers.net in seahorse, Phil Pennock, 2011/03/29
- Re: [Sks-devel] pool.sks-keyservers.net in seahorse, Jonathon Weiss, 2011/03/29
- Re: [Sks-devel] pool.sks-keyservers.net in seahorse, David Shaw, 2011/03/29
- Re: [Sks-devel] pool.sks-keyservers.net in seahorse, Javier Henderson, 2011/03/29
- Re: [Sks-devel] pool.sks-keyservers.net in seahorse, David Shaw, 2011/03/29
Re: [Sks-devel] pool.sks-keyservers.net in seahorse,
Daniel Kahn Gillmor <=
Re: [Sks-devel] pool.sks-keyservers.net in seahorse, Robert J. Hansen, 2011/03/29