North American Network Operators Group


Re: PGP keyserver infrastructure

  • From: Rick Irving
  • Date: Thu Jun 29 15:06:55 2000

Hey, just a thought... does anyone know the "edge" of
what, say, Americans are allowed to discuss with,
say, non-Americans, with respect to crypto...

I got zapped for an email to Australia once...
(early SSLeay) Just thought someone who was up 
on the current "state of affairs" might be 
willing to post. I know some things have changed 
recently....


Listening.....


:)



Jeff Haas wrote:
> 
> On Thu, Jun 29, 2000 at 11:29:39AM -0400, Steven M. Bellovin wrote:
> > The issue isn't so much network availability -- though a key server
> > designed to meet the needs of NANOG folks is interesting, since they
> > most need to talk to each other when the net isn't working well -- as
> > service availability.  That has all sorts of implications at the
> > application level.
> 
> Like RIPE, pgpkey (rfc2726) support is coming to the RADB Real Soon Now.
> IRRd (the backend of the RADB) also has had work recently put into
> the issue of verifying database synchronization.  This functionality
> will be available to the IRRd community in the next release.
> 
> But a small (and incomplete) preview:
> 
> $ whois -h whois.radb.net "!j-*"
> RADB:Y:14679-22498
> ANS:Y:1-5855
> RIPE:N:0-12149653
> APNIC:N:0-240883
> VERIO:Y:1295-3227
> FGC:Y:650-1821
> [snip]
> 
> Field explanation:
> 
> db-name:mirrorable:lowest_journal-currentserial:last_export
> 
> db-name: obvious
> mirrorable: whether or not the querent is allowed to mirror this db.
> lowest_journal: the starting range at which a mirror can be satisfied.
>                 always 0 for not-mirrorable.
> currentserial: obvious
> last_export: for databases that are exported to the ftp area, the last
>              serial number at which the database was exported.  Useful
>              for databases which are updated only periodically and don't
>              need to be mirrored real-time.  (Not implemented yet.)
> 
> One of the missing components is the repository object to be
> supplied by rps-dist which will allow you to check a secondary
> or tertiary mirror's currentserial against the primary repository.
> But at the moment, the list published at
> http://www.radb.net/docs/list.html provides a good start.
> 
> Between the current polling mechanism, the planned flooding mechanism
> for rpsl-dist and the above for verifying synchronization, using the
> IRR may be a reasonable storage location for PGP Keys.
> 
> (N.B.: The !j mechanism is an IRRd-only query extension at this point.
>  But we are speaking to the other IRR software developers about
>  providing similar support.)
> 
> >               --Steve Bellovin
> 
> --
> Jeffrey Haas - Merit RSng project - [email protected]
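
An added example, not part of the original thread and not IRRd code: a parser for the "!j" status lines quoted above, plus a check of a local mirror's serial against the advertised journal range. The names JournalStatus, parse_status and mirror_state are hypothetical, and the rule that a mirror at serial N can catch up when N+1 is at or above lowest_journal is an assumption read from the field explanation.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample: the status lines quoted in the post, as a "!j-*" reply body.
SAMPLE = """\
RADB:Y:14679-22498
ANS:Y:1-5855
RIPE:N:0-12149653
APNIC:N:0-240883
VERIO:Y:1295-3227
FGC:Y:650-1821
"""

@dataclass(frozen=True)
class JournalStatus:
    db: str
    mirrorable: bool
    lowest_journal: int
    current_serial: int
    last_export: Optional[int]  # the post describes this field as not implemented yet

def parse_status(text):
    """Parse db-name:mirrorable:lowest_journal-currentserial[:last_export] lines."""
    out = {}
    for raw in text.splitlines():
        parts = raw.strip().split(":")
        if len(parts) not in (3, 4) or parts[1] not in ("Y", "N"):
            continue  # skip framing or unrecognised lines rather than guess
        low, sep, cur = parts[2].partition("-")
        if not (sep and low.isdigit() and cur.isdigit()):
            continue
        export = int(parts[3]) if len(parts) == 4 and parts[3].isdigit() else None
        out[parts[0]] = JournalStatus(parts[0], parts[1] == "Y", int(low), int(cur), export)
    return out

def mirror_state(status, local_serial):
    """Classify a local copy at local_serial against the server's journal range."""
    if local_serial > status.current_serial:
        return "ahead"  # local copy claims serials the server has not issued
    if local_serial == status.current_serial:
        return "in-sync"
    if not status.mirrorable:
        return "stale-not-mirrorable"
    if local_serial + 1 < status.lowest_journal:  # assumption: journal must cover N+1
        return "stale-needs-full-reload"
    return "stale-can-catch-up"
```

A copy reported as "ahead" or "stale-needs-full-reload" is the case to alert on before trusting key material served from that mirror.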