While the sks-keyservers.net domain and many of the old hostnames that powered it are dead & gone, the actual SKS keyserver network does in fact live on, complete with new & improved DOS mitigations and active development of the underlying server software powering it, Hockeypuck. More information can be found @ https://spider.pgpkeys.eu/ & https://github.com/hockeypuck/hockeypuck respectively. Keyserver.ubuntu.com also exists, but has fallen out of sync with the network and to date has been unwilling to reengage. -T
On Jul 22, 2024, at 05:00, nanog-request@nanog.org wrote:
Message: 15 Date: Sun, 21 Jul 2024 20:23:43 -0400 From: Matt Corallo <nanog@as397444.net <mailto:nanog@as397444.net>> To: Randy Bush <randy@psg.com <mailto:randy@psg.com>>, North American Network Operators' Group <nanog@nanog.org <mailto:nanog@nanog.org>> Subject: Re: pgp keyservers Message-ID: <23baf526-4319-49ba-aa6d-af3460ab925d@as397444.net <mailto:23baf526-4319-49ba-aa6d-af3460ab925d@as397444.net>> Content-Type: text/plain; charset=UTF-8; format=flowed
pgp.mit.edu <http://pgp.mit.edu/> has been sporadically available for me over the last while, but yea AFAIU sks-keyservers shut down after the DoS drama, as did most of the old servers in the pool.
I believe keyserver.ubuntu.com <http://keyserver.ubuntu.com/> generally works and doesn't strip all the signatures and whatnot off keys when they upload.
I think the hipster thing to do now, though, is --auto-locate-key with the Web Key Distribution or the DNSSEC Key Distribution mechanism.
Matt
On 7/21/24 7:25 PM, Randy Bush wrote:
are there any old keyservers still working? or only the new hipster ones? i tried three and no love
hkps://pgp.mit.edu <hkps://pgp.mit.edu> hkps://pgp.uni-mainz.de <hkps://pgp.uni-mainz.de> hkps://hkps.pool.sks-keyservers <hkps://hkps.pool.sks-keyservers>
randy