North American Network Operators Group


RE: PGP keyserver infrastructure

  • From: L. Sassaman
  • Date: Fri Jun 30 15:21:15 2000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 30 Jun 2000, Peter Francis wrote:

> We are currently running a globally load balanced network with
> dedicated servers available in 15 (and rising) locations in the US and
> Europe.  We would be happy to run a number of keyservers on our
> network.

Wonderful!
 
> We are using the Foundry ServerIron's global server load balancing
> which uses a TCP syn/ack based round trip time metric to direct a
> client to the "closest" site.
> 
> Does the key-service answer on a specific TCP port?

Yes. HKP Servers (which use a specialized HTTP connection) generally
listen on tcp 11371. You can look at http://web.mit.edu/marc/www/pks/ for
Marc Horowitz's original pksd, or at http://www.highware.com/main-oks.html
for Highware's OpenKeyServer, or you can go to
http://web.mit.edu/network/pgp.html to get NAI's Certserver. (The version
there is 2.5.1. There is an upgrade version, 2.5.2, that you will need to
patch to: http://www.tis.com/support/hotfix.html).

NAI's Certificate Server only runs on Solaris and NT, but provides an LDAP
and LDAPS interface (389 and 689, respectively by default). LDAP is a
nicer interface for searching keyservers.
 
> If this sounds feasible please point us at info on how to set up a key-server.

It's a generally straight-forward procedure. Once you have them up and
running, I am sure the folks on the flame.org list will be happy to answer
any questions about replication you might have.

__

L. Sassaman

System Administrator                |  
Technology Consultant               |  "Common sense is wrong." 
icq.. 10735603                      |  
pgp.. finger://ns.quickie.net/rabbi |    --Practical C Programming







-----BEGIN PGP SIGNATURE-----
Comment: OpenPGP Encrypted Email Preferred.

iD8DBQE5XPHnPYrxsgmsCmoRAtDhAJ4uk4zGK+wBBX1yqJ5rBM0NkSc7TwCg0RJc
W5Qsq+jF3dUu/s1jihcWUb8=
=Zv3w
-----END PGP SIGNATURE-----