-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 30 Jun 2000, Peter Francis wrote:
> We are currently running a globally load balanced network with dedicated servers available in 15 (and rising) locations in the US and Europe. We would be happy to run a number of keyservers on our network.
Wonderful!
> We are using the Foundry ServerIron's global server load balancing which uses a TCP syn/ack based round trip time metric to direct a client to the "closest" site.
> Does the key-service answer on a specific TCP port?
Yes. HKP Servers (which use a specialized HTTP connection) generally listen on tcp 11371. You can look at http://web.mit.edu/marc/www/pks/ for Marc Horowitz's original pksd, or at http://www.highware.com/main-oks.html for Highware's OpenKeyServer, or you can go to http://web.mit.edu/network/pgp.html to get NAI's Certserver. (The version there is 2.5.1. There is an upgrade version, 2.5.2, that you will need to patch to: http://www.tis.com/support/hotfix.html). NAI's Certificate Server only runs on Solaris and NT, but provides an LDAP and LDAPS interface (389 and 689, respectively by default). LDAP is a nicer interface for searching keyservers.
> If this sounds feasible please point us at info on how to set up a key-server.
It's a generally straight-forward procedure. Once you have them up and running, I am sure the folks on the flame.org list will be happy to answer any questions about replication you might have.

__
L. Sassaman

System Administrator                |
Technology Consultant               |  "Common sense is wrong."
icq.. 10735603                      |
pgp.. finger://ns.quickie.net/rabbi |             --Practical C Programming

-----BEGIN PGP SIGNATURE-----
Comment: OpenPGP Encrypted Email Preferred.

iD8DBQE5XPHnPYrxsgmsCmoRAtDhAJ4uk4zGK+wBBX1yqJ5rBM0NkSc7TwCg0RJc
W5Qsq+jF3dUu/s1jihcWUb8=
=Zv3w
-----END PGP SIGNATURE-----