'Re[2]: What keyserver to use'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       pgp-keyserver-folk
Subject:    Re[2]: What keyserver to use
From:       Jim Morris <morris () wolfman ! com>
Date:       2003-06-22 17:57:51
[Download RAW message or body]

Hi,

dshaw> When you say "private" keyserver, do you mean something for use within
dshaw> the CryptoRights Foundation, and not for public access?  

Yes this would'nt be a public keyserver, this would be for cryptorights
and its users only. Although there may be many servers it needs to sync
with that are part of the cryptorights key chain.


On Sun, 22 Jun 2003 08:46:21 -0400
David Shaw <dshaw@jabberwocky.com> wrote:

dshaw> -----BEGIN PGP SIGNED MESSAGE-----
dshaw> Hash: SHA1
dshaw> 
dshaw> On Sat, Jun 21, 2003 at 02:00:25PM -0700, Jim Morris wrote:
dshaw> > Hello all,
dshaw> > 
dshaw> > I am working with the CryptoRights Foundation, and we are looking into
dshaw> > running our own private keyserver for GPG and PGP.
dshaw> > 
dshaw> > Preferably I'd like this to run on an OpenBSD platform, but Linux would
dshaw> > also be acceptible.
dshaw> > 
dshaw> > What is the general consensus for which opensource keyserver server we
dshaw> > should use?
dshaw> 
dshaw> I suspect I may surprise some people, but I'm going to advise against
dshaw> using PKS.  PKS, even after all the patches, just has too many
dshaw> problems.  There are - even now - a few key DoS attacks against it
dshaw> with revocations, and while it won't actually mangle multiple-subkey
dshaw> keys any longer, it doesn't properly handle them either.  There are
dshaw> just too many "Yes, but..." statements for PKS.
dshaw> 
dshaw> I recommend using SKS.  http://sks.sourceforge.net.  The language it
dshaw> is written in (ocaml) seems to mortally offend some, but the keyserver
dshaw> works, works correctly, and the only "Yes, but..." is about the
dshaw> language.
dshaw> 
dshaw> When you say "private" keyserver, do you mean something for use within
dshaw> the CryptoRights Foundation, and not for public access?  That may
dshaw> change things a bit.
dshaw> 
dshaw> David
dshaw> -----BEGIN PGP SIGNATURE-----
dshaw> Version: GnuPG v1.2.3rc1 (GNU/Linux)
dshaw> Comment: Key available at http://www.jabberwocky.com/david/keys.asc
dshaw> 
dshaw> iD8DBQE+9aUd4mZch0nhy8kRAkRzAKCOb4oHcVUeZkpeHp8HU2K5eRmoBwCg1rDn
dshaw> XPuMXFjTBimJyKNkAmhvBqU=
dshaw> =+FDJ
dshaw> -----END PGP SIGNATURE-----
dshaw> 

--
Jim Morris morris@wolfman.com

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic