North American Network Operators Group


Re: PGP keyserver infrastructure

  • From: Jeff Haas
  • Date: Thu Jun 29 13:16:29 2000

On Thu, Jun 29, 2000 at 11:29:39AM -0400, Steven M. Bellovin wrote:
> The issue isn't so much network availability -- though a key server 
> designed to meet the needs of NANOG folks is interesting, since they 
> most need to talk to each other when the net isn't working well -- as 
> service availability.  That has all sorts of implications at the 
> application level.

Like RIPE, pgpkey (rfc2726) support is coming to the RADB Real Soon Now.
IRRd (the backend of the RADB) also has had work recently put into
the issue of verifying database synchronization.  This functionality
will be available to the IRRd community in the next release.

But a small (and incomplete) preview:

$ whois -h whois.radb.net "!j-*"
RADB:Y:14679-22498
ANS:Y:1-5855
RIPE:N:0-12149653
APNIC:N:0-240883
VERIO:Y:1295-3227
FGC:Y:650-1821
[snip]

Field explanation:

db-name:mirrorable:lowest_journal-currentserial:last_export

db-name: obvious
mirrorable: whether or not the querent is allowed to mirror this db.
lowest_journal: the starting range at which a mirror can be satisfied.
		always 0 for not-mirrorable.
currentserial: obvious
last_export: for databases that are exported to the ftp area, the last
	     serial number at which the database was exported.  Useful
	     for databases which are updated only periodically and don't
	     need to be mirrored real-time.  (Not implemented yet.)

One of the missing components is the repository object to be
supplied by rps-dist which will allow you to check a secondary
or tertiary mirror's currentserial against the primary repository.
But at the moment, the list published at 
http://www.radb.net/docs/list.html provides a good start.

Between the current polling mechanism, the planned flooding mechanism
for rpsl-dist and the above for verifying synchronization, using the
IRR may be a reasonable storage location for PGP Keys.

(N.B.: The !j mechanism is an IRRd-only query extension at this point.
 But we are speaking to the other IRR software developers about
 providing similar support.)

> 		--Steve Bellovin

-- 
Jeffrey Haas - Merit RSng project - [email protected]
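
Added example (not part of the original message and not IRRd code): a parser for the "!j" lines in the field layout described above, plus a check of a mirror's serial against the primary's journal range. The verdict names, the rule that a mirror can catch up only when its next serial is at or above lowest_journal, and the mirror serials are assumptions made for illustration.

```python
from typing import NamedTuple, Optional

class JournalStatus(NamedTuple):
    db: str
    mirrorable: bool
    lowest_journal: int
    current_serial: int
    last_export: Optional[int]  # described in the post as not implemented yet

def parse_j(text: str) -> dict:
    """Parse lines of db-name:mirrorable:lowest_journal-currentserial[:last_export]."""
    out = {}
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) not in (3, 4) or parts[1] not in ("Y", "N"):
            continue  # skips "[snip]", blanks and anything not in the described shape
        low, sep, cur = parts[2].partition("-")
        if not (sep and low.isdigit() and cur.isdigit()):
            continue
        export = int(parts[3]) if len(parts) == 4 and parts[3].isdigit() else None
        out[parts[0]] = JournalStatus(parts[0], parts[1] == "Y", int(low), int(cur), export)
    return out

def compare(primary: JournalStatus, mirror_serial: int) -> str:
    """Classify a mirror's currentserial against the primary (assumed rule set)."""
    if mirror_serial > primary.current_serial:
        return "ahead"               # mirror claims serials the primary never issued
    if mirror_serial == primary.current_serial:
        return "in-sync"
    if primary.mirrorable and mirror_serial + 1 >= primary.lowest_journal:
        return "behind-recoverable"  # the missing serials are still in the journal
    return "behind-reload"           # journal cannot satisfy the gap

# Primary lines are the sample shown in the post; mirror serials are constructed.
PRIMARY = """RADB:Y:14679-22498
ANS:Y:1-5855
RIPE:N:0-12149653
[snip]"""
MIRROR_SERIALS = {"RADB": 22490, "ANS": 5855, "RIPE": 12149000}

def report() -> dict:
    status = parse_j(PRIMARY)
    return {db: compare(status[db], serial) for db, serial in MIRROR_SERIALS.items()}

if __name__ == "__main__":
    for db, verdict in report().items():
        print(db, verdict)
```

For key material stored this way, a mirror that is not "in-sync" may still be serving an older copy of a key object, so the verdict is worth checking before trusting a key fetched from a secondary.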