North American Network Operators Group


RE: PGP keyserver infrastructure

  • From: L. Sassaman
  • Date: Fri Jun 30 14:17:51 2000

On Fri, 30 Jun 2000, Eric M. Carroll wrote:

> The Internet has been uniquely successful in introducing a namespace, a
> hierarchical delegation system, and a root system. We use this system to
> locate many services. One common one is email service. We use it
> ubiquitously. No one argues about the "EMail Service Resource Location
> Protocol". We use the DNS. End of discussion. Other examples exist, such as
> http. Each has a slightly different way to interface to the DNS, but at
> least they are defined.

Just to restate here:

Currently, *all* servers serve *all* keys. Unlike an X.500 directory, it
is very difficult to segment PGP keys into directories. How would one do
this? Using DNS? Which domain would one choose to use for cataloging the
keys? (ex.: My key has multiple email addresses, including and Which domain would it be under?) 

It is the theory that one keyserver (provided it has 100% uptime, and 100%
reliable synchronization with the rest of the servers) is sufficient for a
person using the PGP Keyserver network. Each server is assumed to hold the
entire world's keys.

Multiple servers only exist for redundancy and performance benefits.

Is this the best method? Probably not. There have been numerous proposals
for segmenting the public key collection, but none have been
favored. Given sufficient drive space, this doesn't seem to be a big
problem, however.

Since the keyserver network could be viewed as simply one server (each
server being a mirror of the rest), the only thing we need to focus on if
we are to use the current model is how to send the user requesting a key
to the closest, fastest keyserver. Directory structures don't play into this.

--Len.


L. Sassaman

System Administrator                |  
Technology Consultant               |  "Common sense is wrong." 
icq.. 10735603                      |  
pgp.. finger:// |    --Practical C Programming

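The flat model the message describes (every server holds every key, servers reconcile with each other, and the only client-side problem is picking the fastest reachable mirror), as an added worked example that is not code from the original post or from any keyserver software. It assumes a simplified key: a key ID, a set of user IDs (e-mail addresses) and a set of certifying key IDs. The merge rule (set union, so material only accumulates) is an assumption that mirrors how the public keyserver network has behaved in practice, not something the post spells out; the server names, latencies, key ID and addresses are constructed sample data.

```python
"""Toy model of the flat PGP keyserver network (added example, not from the post)."""
from dataclasses import dataclass, field
import itertools


@dataclass
class Key:
    """Simplified OpenPGP key: key ID, user IDs (e-mail addresses), certifications."""
    keyid: str
    uids: set = field(default_factory=set)
    certs: set = field(default_factory=set)

    def merged_with(self, other):
        """Merge rule (assumed): set union. A keyserver never drops material it has seen."""
        assert self.keyid == other.keyid
        return Key(self.keyid, self.uids | other.uids, self.certs | other.certs)


class Keyserver:
    def __init__(self, name, latency_ms, up=True):
        self.name = name
        self.latency_ms = latency_ms   # assumed RTT as measured from the client
        self.up = up
        self.keys = {}                 # keyid -> Key; every server holds everything

    def submit(self, key):
        cur = self.keys.get(key.keyid)
        self.keys[key.keyid] = key if cur is None else cur.merged_with(key)

    def lookup(self, keyid):
        if not self.up:
            raise ConnectionError(self.name + " is down")
        return self.keys.get(keyid)

    def sync_with(self, other):
        """Two-way reconciliation: afterwards both hold the union of their key sets."""
        for keyid in set(self.keys) | set(other.keys):
            a, b = self.keys.get(keyid), other.keys.get(keyid)
            merged = a if b is None else (b if a is None else a.merged_with(b))
            self.keys[keyid] = merged
            other.keys[keyid] = merged


def sync_all(servers):
    """One pass of pairwise sync; in this order every server ends up identical."""
    for a, b in itertools.combinations(servers, 2):
        a.sync_with(b)


def ranked(servers):
    """Order the pool by latency: the routing problem the post leaves open."""
    return sorted(servers, key=lambda s: s.latency_ms)


def lookup(servers, keyid):
    """Ask the fastest server first and fail over; every server is a full mirror."""
    for s in ranked(servers):
        try:
            return s.name, s.lookup(keyid)
        except ConnectionError:
            continue
    raise ConnectionError("no keyserver reachable")


def uid_domains(key):
    """Domains named by a key's user IDs; more than one means no single DNS home."""
    return {uid.rsplit("@", 1)[1].lower() for uid in key.uids if "@" in uid}


def snapshot(server):
    """Comparable view of a server's contents, for checking that mirrors agree."""
    return {k: (sorted(v.uids), sorted(v.certs)) for k, v in server.keys.items()}


def build_pool():
    """Constructed scenario: one key with UIDs in two domains, certified from two places."""
    pool = [Keyserver("ks-eu", 40), Keyserver("ks-us", 90), Keyserver("ks-asia", 180)]
    key = Key("0x0123456789ABCDEF", {"len@example.com", "len@example.org"}, {"0x11111111"})
    pool[0].submit(key)
    # a second certification on the same key is submitted to a different server
    pool[1].submit(Key("0x0123456789ABCDEF", set(), {"0x22222222"}))
    sync_all(pool)
    return pool


if __name__ == "__main__":
    pool = build_pool()
    print("mirrors agree:", snapshot(pool[0]) == snapshot(pool[1]) == snapshot(pool[2]))
    name, key = lookup(pool, "0x0123456789ABCDEF")
    print("served by", name, "domains in UIDs:", uid_domains(key))
    pool[0].up = False
    print("after ks-eu outage, served by", lookup(pool, "0x0123456789ABCDEF")[0])
```

The two things to notice are that after one sync pass the three snapshots are identical, so a client can treat the pool as one logical server and only needs a latency ranking with failover, and that the example key's user IDs span two domains, which is exactly why the post argues a DNS-style partition has no obvious home for a key.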