Mailing List Archive

On Mon, Dec 06, 1999 at 10:41:35PM +0100
Jonas Steverud wrote:

> This sounds like a silly question but where can I find a fast, good
> keyserver in Europe (from Sweden)? I searched the FAQs and
> documentations but found nothing.

$ host -l pgp.net | egrep 'se|se'
ftp.se.pgp.net. A 130.238.4.133
www.se.pgp.net. A 130.238.4.133
ftp.eu.pgp.net. A 128.232.0.33
ftp.eu.pgp.net. A 163.1.2.4
ftp.eu.pgp.net. A 129.242.4.34
ftp.eu.pgp.net. A 131.234.116.2
ftp.eu.pgp.net. A 134.100.14.129
ftp.eu.pgp.net. A 130.149.17.12
ftp.eu.pgp.net. A 130.238.4.133
ftp.eu.pgp.net. A 129.132.119.131
ftp.eu.pgp.net. A 195.64.0.34
wwwkeys.eu.pgp.net. A 195.64.0.35
wwwkeys.eu.pgp.net. A 131.234.104.25
wwwkeys.eu.pgp.net. A 129.142.64.11
wwwkeys.eu.pgp.net. A 129.132.66.33

As you can see, there are no HKP servers in SE. You can use
the wwwkeys.eu.pgp.net but this gives a problem because round-robin DNS
may tell you to use one of the servers which are down at most times
;-)

I'd suggest to look for a stable one. From my experience the
eu servers wwwkeys.ch.pgp.net and blackhole.pca.dfn.de
are quite stable.


--
Werner Koch at guug.de www.gnupg.org keyid 621CC013

On Tue, Dec 07, 1999 at 11:55:45AM +0100
Jonas Steverud wrote:

> Ask him? But in that case I might as well ask for the public key in
> the first place...
>
> % gpg --keyserver wwwkeys.ch.pgp.net --recv-keys email@site.com
> did not work (not very suprising).

This does not work yet because this may yield many keys and some
interactive sesion would be needed.

Th easiest way to handle it is by using HTTP, e.g.
lynx wwwkeys.ch.pgp.net
and then fillout the form presented; you can also get this form and
store it on your local machine. Select then one key, store it in a
file (using the 'p' menu of lynx) and thena run gpg --import on this
file. I clever way to handle this easier is by extending Lynx's
p menu to pipe the data to gpg.


--
Werner Koch at guug.de www.gnupg.org keyid 621CC013

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>>>>> "Jonas" == Jonas Steverud
>>>>> "Re: Keyservers in Europe?"
>>>>> 07 Dec 1999 13:43:10 +0100

Jonas> Reqest: Add a section about this in the manual. E.g. "The
Jonas> keyservers are a network of databases which hold peoples
Jonas> public keys. All servers holds the same information. If you
Jonas> know the key ID of a person you can do

Is it true that all key servers hold the same information?

In the recent past I had the distinct impression that key servers
under the influence of Network Associates, including at least one at
mit.edu, do not share with other servers keys placed directly with
them while they do absorb keys from other servers. I believe someone
who should know told me that was a deliberate policy. I am not
in a position to verify this now and hope that I am totally mistaken
or at least that this is no longer true.

Also, at least from time to time, different key servers seem to have
been unable to carry different styles of keys.

A definition of what are "public" key servers might be useful.

Jonas> % gpg --keyserver wwwkeys.ch.pgp.net --recv-keys keyID

Jonas> but if you only have the email address you can query the
Jonas> database.

Jonas> Start you favorite browser and point it at some keyserver
Jonas> and fill out the form. You can either get the public key
Jonas> thru the browser but the webpage will supply the key ID too
Jonas> (see above). The latter might be a slightly higher security
Jonas> level since browser are known security holes[1]. It all
Jonas> depends on your level of paranoia. NOTE! The keyserver
Jonas> might have many keys for the ``same'' address {TODO: How
Jonas> come?}. Be careful with which you choose.

Jonas> To find keyserves, do a ``host -l pgp.net''. Note that
Jonas> round robin DNS is used so you might find diffrent servers
Jonas> when you query the database."

Most/many/all key servers have an email interface which many may find
preferable if for no other reason than that by keeping the mails they
have a clear permanent record of what was done and when. It is IMHO
unfortunate to give the impression that "the web" is the best way to
do everything just because it is there.

jam

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: By Mailcrypt 3.5.4 and Gnu Privacy Guard <http://www.gnupg.org/>

iD8DBQE4TRfcUEvv1b/iXy8RArHjAJ4r9TEP+6AXPh6A+eMwWSq5BDK/5QCfQ99j
6kf95rXnxcqEiwGnQaJTSEU=
=1n0i
-----END PGP SIGNATURE-----

Jonas Steverud wrote:

> Thanks. My second question is now, how do I find out about a key ID
> when the person in question does not supply one? He only says in his
> (signed) articles "PGP key at a keyserver near you".

The signature contains the KeyID - gpg will (when you're on-line and have
a keyserver defined in your options file) automatically connect to it,
download that key and add it to your public keyring. And then verify the
signature of course.

> Ask him? But in that case I might as well ask for the public key in
> the first place...

If you can' it would be better anyway because anyone can put a key on-line
with a fake email address on it. If that person than sends you an encrypted
message and you reply on it and he is able to intercept your message he
might read something that he isn't suposed to (I know, a lot if's, but if
email was uninterceptible, why would you need to encrypt it anyway (safe
storage can also be done with a symmetric cypher only)).

--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP public keys at http://www.xs4all.nl/~johanw/pgpkeys.html