[Enigmail] Verify Public Key Export

John Clizbe John at Mozilla-Enigmail.org
Wed Nov 19 12:31:31 PST 2008


Faramir wrote:
> Carlos Williams wrote:
>> On Wed, Nov 19, 2008 at 2:08 PM, Faramir <faramir.cl at gmail.com> wrote:
> 
>> Is this option not available with more commonly used key servers? I
> 
>   I don't know... I have the feeling it is not so common...

It's not. It's supported by 3 out of around ~75 SKS servers (35 active and 38
with some problem at last check -18:50 CET/11:50 US/Central). Peter Pramberger
has another status page at
http://www.pramberger.at/peter/services/keyserver/network/ made by spidering the
network.

>> have never heard of this one and don't know how many people really use
>> "gingerbear.net".

No one and everyone. Unless I'm working with someone to debug something, I
prefer folks use pool.sks-keyservers.net. The round-robin lookup can send anyone
to the server.

>> The key servers I show listed in my 'OpenPGP Preferences' are:
> 
>> subkeys.pgp.net, pool.sks-keyservers.net, pgp.mit.edu, ldap://certserver.pgp.com
> 
>   There are no dumb questions, just dumb people who don't ask questions
> (and remain without learning). Ok, maybe there are dumb questions, but
> this one is not one of them.
> 
>   gingerbear.net is a key server that is part of sks network of servers,
> so, if you upload a key to that server, it will send it to the other
> servers in that net... 

I sync with about 1/2 the active SKS servers usually in pool.sks...

> And the interesting thing is pool.sks-keyservers.net is not really a server,
> it is a "list of servers", AFAIK, composed of the servers in the sks
> network that pass a test of communicating properly, and also of having
> an almost complete list of the keys in that network (there is some 
> tolerance).

The check is run 2x/day at 05:50 and 18:50 CET (22:50 and 11:50 US/Central). To
be eligible for pool inclusion, the server must 1) be online, and 2) have a key
count within 500 keys of the count on keys.kfwebs.net.

> When you upload (or send a request) to pool.sks..., something selects a server
> from a list, and you send your key (or retrieve the key you are requesting)
> from that server. So, maybe, you have used gingerbear.net a lot of times,
> without knowing you were using it.

'something' == chance. There's ~50% chance an online up-to-date server will be
included in the latest update of pool.sks-keyservers.net (20 out of ~40). Then
there is a 5% chance (1 in 20) that a request will actually return that server's
address.

>   The idea about pool.sks... is to provide a list of servers that have
> been checked to be communicating to each other properly, and that are
> known to be "up". If I am not wrong, it also tries to balance the load
> of the servers.

Communicating with each other properly = synchronized. Servers update statistics
at various times during the day, that's why there's the 500 key test.

The "load balancing" is 'mostly random'. More than that requires a very
off-topic discussion of DNS and round-robin lists.

>   So, send the key to gingerbear.net, if the key arrives, it will send
> it to the other servers too.
> 
>   By the way, I suggest using pool.sks... as your preferred "server",
> since you can know it will never go down (some of the servers in that
> list can go down, but not all at the same time).

If a server in pool.sks... does go down, it's removed on average within 6 hours.
I was offline for a couple weeks earlier this month when I had a weird power
spike take out all the drives (hard, CDROM, flash reader) but leave the
motherboard untouched.

-- 
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"
