John W. Moore III wrote:
> Bjoern Buerger wrote:
>> Michael Kallas wrote:
>>> hkp://subkeys.pgp.net or hkp://sks.keyserver.penguin.de ?
>
>> Sorry, the latter is down at the moment. But you can
>> try hkp://random.sks.keyserver.penguin.de instead,
>> which is a collection of public sks keyservers. All
>> of them treat subkeys in a safe way.
>
> I'd recommend hkp://blackhole.pca.dfn.de

I wouldn't, and it has nothing to do with the server choice. Remember, we're discussing automatic key retrieval specified in gpg.conf. One doesn't have a forty server drop-down list to cycle through, so it needs to be a best guess. What if blackhole.pca.dfn.de is down or otherwise unreachable? Or foo.baz.net? Or ...? As Bjoern indicated, sks.keyserver.penguin.de is down at the moment even though it may be the perfect choice otherwise.

Recommending a single server also is *not* good net citizenship in a case such as this. It is the type of advice that causes servers to be overloaded with an undue amount of traffic as users take such recommendations as 'Gospel'. Ultimately it's the users that suffer the bottleneck. In the worst case, the administrator takes the machine offline; bandwidth costs money - directing all inquiries to a single server is irresponsible.

For a comparison, I'll direct you to the recent case of D-Link, which had all of their routers throughout the world hammering a single NTP server in Denmark for time updates. See http://en.wikipedia.org/wiki/NTP_vandalism#D-Link_and_Poul-Henning_Kamp

random.sks.keyserver.penguin.de is a DNS round-robin updated nightly with the currently reachable SKS servers. This removes servers that have been down from consideration. Only if there is trouble that day or at the same time as the query could one worry about the server being unreachable. A round-robin also spreads the load among all servers, and since this is SKS, it really is unimportant which server you use to update or query.

random.sks.keyserver.penguin.de provides the best solution of the perennial "which server should I use" question. With keyservers just as with keys, it is best to stick with a default behavior unless you have a clear and sensible reason not to do so.

-- 
John P. Clizbe                      Inet: John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A
"what's the key to success?"        / "two words: good decisions."
"what's the key to good decisions?" / "one word: experience."
"how do i get experience?"          / "two words: bad decisions."

"Success is the ability to go from failure to failure without losing your enthusiasm." - Mrs. Patrick Campbell
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
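
An added illustration, not part of the original message: a toy Python model of the nightly-pruned DNS round-robin described in the reply above, compared with every client pinning one host. The server names, probe results and the simplification that each client uses only the first record it receives are assumptions made for this example.

```python
from collections import Counter
from itertools import cycle

# Constructed sample data: hypothetical pool members and last night's probe result.
PROBES = {
    "sks-a.example.net": True,
    "sks-b.example.net": False,  # failed the nightly check, so it is not published
    "sks-c.example.net": True,
    "sks-d.example.net": True,
}


def build_pool(probes):
    """Nightly job: publish only the servers that answered the probe."""
    return sorted(host for host, reachable in probes.items() if reachable)


def round_robin_answers(pool, queries):
    """Each lookup gets the next record first; the client connects to that host."""
    rotation = cycle(pool)
    return [next(rotation) for _ in range(queries)]


def load_per_server(targets, up_now):
    """Return (queries served per host, queries that hit an unreachable host)."""
    served = Counter(t for t in targets if up_now.get(t, False))
    failed = sum(1 for t in targets if not up_now.get(t, False))
    return served, failed


def compare(probes, up_now, queries, pinned):
    """Load and failures for the pool versus all clients pinning one host."""
    pooled = load_per_server(round_robin_answers(build_pool(probes), queries), up_now)
    single = load_per_server([pinned] * queries, up_now)
    return pooled, single


if __name__ == "__main__":
    # "Trouble that day": sks-c dies after the nightly pool was published.
    up_now = {**PROBES, "sks-c.example.net": False}
    for pinned in ("sks-a.example.net", "sks-c.example.net"):
        pooled, single = compare(PROBES, up_now, 9000, pinned)
        print("pool:", dict(pooled[0]), "failed:", pooled[1])
        print(f"pinned {pinned}:", dict(single[0]), "failed:", single[1])
```
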