On 10/08/2015 02:39 PM, Yuri Kanivetsky wrote:
> Hi,
>
> First, the domain name resolves to a bunch of IPs:
> ...
>
> And the list of IPs is not fixed (changes over time), so it must be some
> kind of pool (as the name suggests). Then, not all of them ping:

It is a pool. keys.gnupg.net is just an alias for the SKS server pool[1], IIRC. I host a server in this pool and it is set to drop all IPv4 ICMP packets, so will not respond to a ping even though the server is online. It will respond to ICMPv6 pings however.

...

>
> Then, can't it pick the first IP that works? And what's wrong with this
> keyserver? Is it an official one? If such a thing exists, that is. Can
> you recommend any other, that have better uptime. AFAICS, there is at
> least one IP that doesn't work. And finally, why can't I reproduce it on
> the host machine, running Arch Linux with gnupg-2.1.8? The tests in the
> email I did on Ubuntu Vivid.
>

Only servers running SKS 1.1.5 or higher are allowed in the pool. Inclusion in the pool is voluntary, so there aren't any "official" servers, so to speak, but there are criteria for being included in the main pool. These include having a reverse proxy in front of the sks server, the hostname of the server must resolve properly, and the server cannot be missing more than a certain percentage of keys compared to other servers in the pool. The pool is checked every hour and only servers meeting the criteria are included.

Using a specific keyserver is generally frowned upon since the pool was created to help distribute the load evenly over the servers.

As far as uptime, if the server did not respond during the last check of the pool, it will not be included. So, in rare cases, there may be one or two servers in the pool that are not currently responding, but did so during the last check of the pool. If they do not respond at the next check, they are removed from the main pool.

I am also NOT able to reproduce this error on XUbuntu 14.04 x64:

gpg (GnuPG) 2.1.8
libgcrypt 1.7.0-beta261
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

antony@050415:~/Desktop$ gpg2 --keyserver hkp://keys.gnupg.net --recv-key 0x409B6B1796C275462A1703113804BB82D39DC0E3
gpg: key D39DC0E3: public key "Michal Papis (RVM signing) <mpa...@gmail.com>" imported
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 2 signed: 2 trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: depth: 1 valid: 2 signed: 0 trust: 1-, 0q, 0n, 0m, 1f, 0u
gpg: next trustdb check due at 2016-10-28
gpg: Total number processed: 1
gpg: imported: 1

[1]https://sks-keyservers.net/overview-of-pools.php

-- 
Antony Prince
Key ID: 0xAF3D4087301B1B19
Fingerprint: 591FF17F7A4AA8D0F659C482AF3D4087301B1B19
URL: https://keyserver.blazrsoft.com
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users