|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: PGP kerserver infrastructure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 30 Jun 2000, Eric M. Carroll wrote: > The Internet has been uniquely successful in introducing a namespace, a > hierarchical delegation system, and a root system. We use this system to > locate many services. One common one is email service. We use it > ubiquitously. Noone argues about the "EMail Service Resource Location > Protocol". We use the DNS. End of discussion. Other examples exist, such as > http. Each has a slightly different way to interface to the DNS, but at > least they are defined. Just to restate here: Currently, *all* servers serve *all* keys. Unlike an X.500 directory, it is very difficult to segment PGP keys into directories. How would one do this? Using DNS? Which domain would one choose to use for cataloging the keys? (ex.: My key has multiple email addresses, including quickie.net and pgp.com. Which domain would it be under?) It is the theory that one keyserver (provided it has 100% uptime, and 100% reliable synchronization with the rest of the servers) is sufficient for a person using the PGP Keyserver network. Each server is assumed to hold the entire world's keys. Multiple servers only exist for redundancy and performance benefits. Is this the best method? Probably not. There have been numerous proposals, for segmenting the public key collection, but none have been favored. Given sufficient drive space, this doesn't seem to be a big problem, however. Since the keyserver network could be viewed as simply one server, since each is a mirror of the rest, the only thing we need to focus on if we are to use the current model is how to send the user requesting a key to the closest, fastest keyserver. Directory structures don't play into this. - --Len. __ L. Sassaman System Administrator | Technology Consultant | "Common sense is wrong." icq.. 10735603 | pgp.. finger://ns.quickie.net/rabbi | --Practical C Programming -----BEGIN PGP SIGNATURE----- Comment: OpenPGP Encrypted Email Preferred. iD8DBQE5XONSPYrxsgmsCmoRAnPiAKC9TmoF0Dw7N8/XZGoXZwXvMJvemwCeMJbD EEBKwu6Zn4rqpHQKGAXuN98= =xAoO -----END PGP SIGNATURE-----
|