Mailing List Archive

Keyservers
Is there any keyserver (host) for gpg? Or, better, a simple implementation
of a keyserver software? I'm thinking about a tiny keyserver for some
friends, made with a simple web page and/or a mail script using procmail,
but if someone has already done this....

--
Fabio Coatti
2:332/409.414 Fidonet
cova@felix.unife.it Internet
http://felix.unife.it/~cova Home page
Old SysOps never die... they simply forget their password.
Re: Keyservers
On Thu, 22 Oct 1998, Fabio Coatti wrote:

> Is there any keyserver (host) for gpg? Or, better, a simple implementation
> of a keyserver software? I'm thinking about a tiny keyserver for some
> friends, made with a simple web page and/or a mail script using procmail,
> but if someone has already done this....


as the source code for the MIT keyserver is available..perhaps it could be
modified to handle the new properties present in GNUPG?

MIT keyserver source code is available via the FAQ section of their
keyserver. if you can't find it..let me know and i'll post the URL
(it's an ftp)

Robert Guerra <az096@freenet.toronto.on.ca>
WWW Page <http://www.interlog.com/~rguerra/www>
PGP Keys <http://www.geocities.com/CapitolHill/3378/pgpkeys.html>
Re: Keyservers
On Thu, 22 Oct 1998, Fabio Coatti wrote:

> Is there any keyserver (host) for gpg? Or, better, a simple implementation
> of a keyserver software? I'm thinking about a tiny keyserver for some
> friends, made with a simple web page and/or a mail script using procmail,
> but if someone has already done this....

The keyserver that PGP uses is publicly available for your download. In
fact, I snagged a copy of it the other day with the intent of making a
patch for gnupg so you can fetch keys from the key server. Unfortunately
the Horowitz Key Protocol is not documented anywhere that I could find.

The key server is basically a wrapper around a (really big) key ring that
it automatically adds and extracts to.

My company would be willing to dedicate a computer to be the official
gnupg key server (perhaps with chaining to existing pgp key servers for
unknown keys and a more ideal distributed key management infrastructure).

Thoughts? Volunteers?

C=)

--------------------------------------------------------------------------
Heuer's Law: Any feature is a bug unless it can be turned off.
--------------------------------------------------------------------------
Caskey <caskey*technocage.com> /// pager.818.698.2306
TechnoCage Inc. ///| gpg: aiiieeeeeee!!!
--------------------------------------------------------------------------
Early bird gets the worm, but the second mouse gets the cheese.
Re: Keyservers
speaking of keyservers, do people have any ideas about how the
existing designs might be improved? in particular, i am concerned
about some enterprising spammer retrieving addresses from keyservers
and using those to spam. further, if you allow signatures on your key
to be exported, that gives the spammer an automated way of forging a
From: address which you might pay attention to...they could also send
encrypted spam, though at the moment this is probably unlikely due
to the cost of generating the messages.

also i've been wondering about ways to make it easier to go through a
transition from old keys that are about to expire to new keys -- i
don't know if a keyserver can help, but if people have ideas about
these topics (or pointers to references), i'd greatly appreciate
hearing about them.

thanks for your attention.
Re: Keyservers
At 4:05 PM -0700 98/10/22, Caskey L. Dickson wrote:


>The keyserver that PGP uses is publicly available for your download. In
>fact, I snagged a copy of it the other day with the intent of making a
>patch for gnupg so you can fetch keys from the key server. Unfortunately
>the Horowitz Key Protocol is not documented anywhere that I could find.
>
>The key server is basically a wrapper around a (really big) key ring that
>it automatically adds and extracts to.

I think it's a bit more than that as it places certain bits of info in a
database.

>My company would be willing to dedicate a computer to be the official
>gnupg key server (perhaps with chaining to existing pgp key servers for
>unknown keys and a more ideal distributed key management infrastructure).


great. I'm not a programmer, so all i can do is offer to help beta test
the thing.

Here's a bit of info that recently was posted to the pgp-keyserver-list:
(hope it helps)

regards

robert



Mailing-List: contact pgp-keyserver-folk-help@flame.org; run by ezmlm
From: Marcel Waldvogel <mwa@tik.ee.ethz.ch>
Date: Tue, 13 Oct 1998 15:20:16 +0200
To: Robert Guerra <az096@freenet.toronto.on.ca>
Subject: Re: upgrading to pksd 0.93
Cc: pgp-keyserver-folk@flame.org

-----BEGIN PGP SIGNED MESSAGE-----

Maybe we should open a FAQ :-). See the appended mail from Marc
Horowitz introducing 0.9.3. I have also made my set of patches
(list below) available on http://www.tik.ee.ethz.ch/~mwa/pks-patches.tar.gz

- - Adds the notion of "soft errors", i.e. errors that will be reported
back to the user but do not abort the whole transaction or even
crash the process.
- - Backups also work on Solaris 2.6 (where a seek beyond the end of the
file does not grow the file unless data is written there)
- - "kxa" no longer suppresses subkeys
- - Empty/missing From: and Subject: lines no longer crash the daemon.
- - Incrementals no longer contain the disclaimer
- - Some tries at making large "LAST" and "GET" requests work (not too
successful, either pksd or sendmail still run out of memory)
- - "pgpdump" no longer returns a wrong keyid or even crashes on DH/DSS
keys
- - More thorough format testing of a key at submission; some of these
format failures result in soft errors
- - WWW pages now contain correct signature links
- - "pksclient since" now supports relative times (everything changed in
the last n seconds)
- - WWW request source addresses are logged correctly on little endian
machines

- -Marcel

Begin forwarded message:

Mailing-List: contact pgp-keyserver-folk-help@flame.org; run by ezmlm
To: pgp-keyserver-folk@flame.org
Subject: pks 0.9.3 db2test release
From: Marc Horowitz <marc@cygnus.com>
Date: 05 May 1998 19:07:32 -0400

Ok, it's as ready as it's going to get for now. This release isn't
tested as much as I might like, but it will probably deal with large
keyrings better than the 0.9.2 server. I think bulk loading is a
little slower now, but I'm not certain.

Besides integrating db 2.3.16 from sleepycat, I've also integrated a
number of new bug fixes and features which people have sent in. In
particular, pksdctl now has a shutdown command, and pksd.conf has a
max_last parameter to limit the size of last responses. The
documentation could use more work.

You can get the tarball and signature from:

http://www.mit.edu/people/marc/pks/pks-0.9.3db2test.tar.gz
http://www.mit.edu/people/marc/pks/pks-0.9.3db2test.tar.gz.asc

This isn't advertised on the web pages anywhere, yet. I'll be reading
this list to see how things go. Hopefully the new database backend
will prove more reliable than the current one.

If people are feeling really excited, they can send patches to use the
logging and transaction features of the new backend :-)

Marc

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: next

-----END PGP SIGNATURE-----

Robert Guerra <az096@freenet.toronto.on.ca>
WWW Page <http://www.interlog.com/~rguerra/www>
PGPKeys <http://www.geocities.com/CapitolHill/3378/pgpkeys.html>
Re: Keyservers
On Fri, 23 Oct 1998 sen_ml@eccosys.com wrote:

> also i've been wondering about ways to make it easier to go through a
> transition from old keys that are about to expire to new keys -- i
> don't know if a keyserver can help, but if people have ideas about
> these topics (or pointers to references), i'd greatly appreciate
> hearing about them.

visit: http://www.mit.edu/people/marc/pks/

and you can get information on how to join the pgp-keyserver admin list.


Robert Guerra <az096@freenet.toronto.on.ca>
WWW Page <http://www.interlog.com/~rguerra/www>
PGP Keys <http://www.geocities.com/CapitolHill/3378/pgpkeys.html>