North American Network Operators Group


RE: PGP keyserver infrastructure

  • From: L. Sassaman
  • Date: Fri Jun 30 15:21:15 2000


On Fri, 30 Jun 2000, Peter Francis wrote:

> We are currently running a globally load balanced network with
> dedicated servers available in 15 (and rising) locations in the US and
> Europe.  We would be happy to run a number of keyservers on our
> network.

> We are using the Foundry ServerIron's global server load balancing
> which uses a TCP syn/ack based round trip time metric to direct a
> client to the "closest" site.
> Does the key-service answer on a specific TCP port?

Yes. HKP Servers (which use a specialized HTTP connection) generally
listen on tcp 11371. You can look at for
Marc Horowitz's original pksd, or at
for Highware's OpenKeyServer, or you can go to to get NAI's Certserver. (The version
there is 2.5.1. There is an upgrade version, 2.5.2, that you will need to
patch to:

NAI's Certificate Server only runs on Solaris and NT, but provides an LDAP
and LDAPS interface (389 and 689, respectively by default). LDAP is a
nicer interface for searching keyservers.

> If this sounds feasible please point us at info on how to set up a key-server.

It's a generally straight-forward procedure. Once you have them up and
running, I am sure the folks on the list will be happy to answer
any questions about replication you might have.


L. Sassaman

System Administrator                |  
Technology Consultant               |  "Common sense is wrong." 
icq.. 10735603                      |  
pgp.. finger:// |    --Practical C Programming

Comment: OpenPGP Encrypted Email Preferred.
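
Added example, not part of the original message or of any keyserver project's code: what the HTTP exchange on tcp 11371 looks like from a client or a load-balancer health probe. It assumes a server that supports the machine-readable index reply (`options=mr`) from the later HKP Internet-Draft; the host name, key ID and reply text are constructed.

```python
from urllib.parse import urlencode, unquote

HKP_PORT = 11371  # default HKP port named in the message above

# Constructed sample of a machine-readable index reply (assumed format:
# "pub:keyid:algo:bits:created:expires:flags" followed by "uid:" lines).
SAMPLE_REPLY = """info:1:2
pub:0123456789ABCDEF:17:1024:962400000::
uid:Example User %3Cuser%40example.org%3E:962400000::
pub:FEDCBA9876543210:1:2048:962400001::r
uid:Revoked Key %3Cold%40example.org%3E:962400001::
"""


def hkp_lookup_url(host, search, op="index", port=HKP_PORT):
    """Build an HKP lookup URL: a plain HTTP GET on /pks/lookup."""
    if op not in ("get", "index", "vindex"):
        raise ValueError("unsupported HKP op: %r" % op)
    query = urlencode({"op": op, "options": "mr", "search": search})
    return "http://%s:%d/pks/lookup?%s" % (host, port, query)


def parse_mr_index(body):
    """Group the pub/uid lines of an index reply into one dict per key."""
    keys = []
    for line in body.splitlines():
        fields = line.strip().split(":")
        if fields[0] == "pub" and len(fields) >= 2:
            fields += [""] * (7 - len(fields))  # pad omitted trailing fields
            keys.append({
                "keyid": fields[1], "algo": fields[2], "bits": fields[3],
                "created": fields[4], "expires": fields[5],
                "revoked": "r" in fields[6], "uids": [],
            })
        elif fields[0] == "uid" and keys and len(fields) >= 2:
            # User IDs are percent-encoded so ':' never appears raw.
            keys[-1]["uids"].append(unquote(fields[1]))
    return keys


def usable_keys(body):
    """Key IDs a client should accept: everything not flagged revoked."""
    return [k["keyid"] for k in parse_mr_index(body) if not k["revoked"]]


if __name__ == "__main__":
    print(hkp_lookup_url("keys.example.org", "user@example.org"))
    print(usable_keys(SAMPLE_REPLY))
```

A health probe would fetch the URL for a key known to be on the server and treat an empty parse result as a failed check.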