Hey, just a thought... does anyone know the "edge" of what, say, Americans are allowed to discuss with, say, non-Americans, with respect to crypto... I got zapped for an email to Australia once... (early SSLeay)

Just thought someone who was up on the current "state of affairs" might be willing to post. I know some things have changed recently....

Listening..... :)

Jeff Haas wrote:
On Thu, Jun 29, 2000 at 11:29:39AM -0400, Steven M. Bellovin wrote:
The issue isn't so much network availability -- though a key server designed to meet the needs of NANOG folks is interesting, since they most need to talk to each other when the net isn't working well -- as service availability. That has all sorts of implications at the application level.
Like RIPE, pgpkey (rfc2726) support is coming to the RADB Real Soon Now. IRRd (the backend of the RADB) also has had work recently put into the issue of verifying database synchronization. This functionality will be available to the IRRd community in the next release.
But a small (and incomplete) preview:
$ whois -h whois.radb.net "!j-*"
RADB:Y:14679-22498
ANS:Y:1-5855
RIPE:N:0-12149653
APNIC:N:0-240883
VERIO:Y:1295-3227
FGC:Y:650-1821
[snip]
Field explanation:
db-name:mirrorable:lowest_journal-currentserial:last_export
db-name: obvious
mirrorable: whether or not the querent is allowed to mirror this db.
lowest_journal: the starting range at which a mirror can be satisfied. Always 0 for not-mirrorable.
currentserial: obvious
last_export: for databases that are exported to the ftp area, the last serial number at which the database was exported. Useful for databases which are updated only periodically and don't need to be mirrored real-time. (Not implemented yet.)
One of the missing components is the repository object to be supplied by rps-dist which will allow you to check a secondary or tertiary mirror's currentserial against the primary repository. But at the moment, the list published at http://www.radb.net/docs/list.html provides a good start.
Between the current polling mechanism, the planned flooding mechanism for rpsl-dist and the above for verifying synchronization, using the IRR may be a reasonable storage location for PGP Keys.
(N.B.: The !j mechanism is an IRRd-only query extension at this point. But we are speaking to the other IRR software developers about providing similar support.)
--Steve Bellovin
-- Jeffrey Haas - Merit RSng project - jeffhaas@merit.edu
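
Added example, not part of the original thread and not IRRd code: a sketch of the synchronization check the message describes, parsing status lines in the `db-name:mirrorable:lowest_journal-currentserial:last_export` shape and comparing a mirror's currentserial against the primary's. The names `parse_status`, `compare`, `Status` and `max_lag` are hypothetical, the mirror values are constructed, and the "needs full reload" rule is an assumed reading of lowest_journal.

```python
import re
from typing import NamedTuple, Optional

# db-name:mirrorable:lowest_journal-currentserial[:last_export]
# last_export is optional here because the preview output omits it.
LINE_RE = re.compile(r"^([A-Za-z0-9_-]+):([YN]):(\d+)-(\d+)(?::(\d+))?$")

class Status(NamedTuple):
    mirrorable: bool
    lowest_journal: int
    current_serial: int
    last_export: Optional[int]

def parse_status(text):
    """Parse status lines into {db-name: Status}; skip anything else."""
    out = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:  # non-matching lines ("[snip]", blanks) are ignored
            db, flag, low, cur, exp = m.groups()
            out[db] = Status(flag == "Y", int(low), int(cur),
                             int(exp) if exp is not None else None)
    return out

def compare(primary, mirror, max_lag=0):
    """Return {db-name: finding} where the mirror is out of step."""
    findings = {}
    for db, p in primary.items():
        m = mirror.get(db)
        if m is None:
            findings[db] = "missing on mirror"
            continue
        lag = p.current_serial - m.current_serial
        if lag < 0:
            findings[db] = "mirror ahead of primary by %d" % -lag
        elif lag > max_lag:
            # Assumption: a mirror whose next serial is below the primary's
            # lowest_journal cannot be caught up from the journal.
            stale = p.mirrorable and m.current_serial + 1 < p.lowest_journal
            findings[db] = "behind by %d%s" % (lag, ", needs full reload" if stale else "")
    return findings

# Constructed sample: primary lines are from the preview; mirror values are made up.
PRIMARY = "RADB:Y:14679-22498\nANS:Y:1-5855\nVERIO:Y:1295-3227\nFGC:Y:650-1821\n[snip]"
MIRROR = "RADB:Y:14679-22490\nANS:Y:1-5855\nVERIO:Y:1295-1200"

if __name__ == "__main__":
    for db, finding in compare(parse_status(PRIMARY), parse_status(MIRROR)).items():
        print(db, finding)
```

A mirror reported as ahead of the primary is worth investigating rather than ignoring, since it means the two sources disagree about the database history.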