-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> so, thanks to many nanogians, i now have a selection of servers, multi-addressed servers, an ldap server, ... i can try when i need this service. needless to say, i am not impressed. while i guess i can limp along like this, it does not feel like what i would call a production quality service.
Well, the fundamental point you haven't mentioned here is that the PGP keyserver network, past and present, is entirely a volunteer-based service. The exception is the server that NAI runs, since NAI has a vested interest in having a keyserver available for users to access, but even so, there is not as of yet any commercial entity selling access to, or guaranteeing access to, a PGP keyserver (as far as I know -- correct me if I am wrong).
One thing I would like to see is more ISPs running keyservers for the use of their customers. A few of them do. There are other ways that companies could provide services that involve keyserver access, but I can't go into that here.
I attended the Keyserver Managers Symposium in Holland last month. A lot of great ideas were presented, and a lot of problems discussed. One thing is clear, and that is that the current PGP keyserver network needs to be redesigned if it is to scale to another order of magnitude as far as capacity. I expect that we will see good things happen in this regard in the next year or so.
- --Len.
__
L. Sassaman
System Administrator                | "Everything looks bad
Technology Consultant               |  if you remember it."
icq.. 10735603                      |
pgp.. finger://ns.quickie.net/rabbi |             --Homer Simpson
-----BEGIN PGP SIGNATURE-----
Comment: OpenPGP Encrypted Email Preferred.
iD8DBQE5V8eIPYrxsgmsCmoRAvx0AJ485IzsUvkqp84yuGLMeOyIBdAOKQCg1K5z
k2hLYtQksHPz+e5sz1xS140=
=bvS8
-----END PGP SIGNATURE-----
> Well, the fundamental point you haven't mentioned here is that the PGP keyserver network, past and present, is entirely a volunteer-based service.
as are almost all the dns root servers. and, despite occasional hysterical whining on this list, they provide a serious production service on which we are all successfully betting our asses. this is not to say that i do not deeply appreciate the current volunteer efforts. but, as we rely more and more on pgp, we need a serious production quality service.
> One thing I would like to see is more ISPs running keyservers for the use of their customers.
i wonder if a few of the large providers might be able to field a production quality distributed service. or help the current volunteers to do so.
> I attended the Keyserver Managers Symposium in Holland last month. A lot of great ideas were presented, and a lot of problems discussed. One thing is clear, and that is that the current PGP keyserver network needs to be redesigned if it is to scale to another order of magnitude as far as capacity.
plan for a few orders of magnitude.
> I expect that we will see good things happen in this regard in the next year or so.
how can providers help? and now, not in the vague future.
randy
On Mon, Jun 26, 2000 at 02:23:29PM -0700, Randy Bush wrote:
> as are almost all the dns root servers. and, despite occasional hysterical whining on this list, they provide a serious production service on which we are all successfully betting our asses.
> > I expect that we will see good things happen in this regard in the next year or so.
> how can providers help? and now, not in the vague future.
Spend as much as one of the root server providers does, on just PGP service.
Can't justify that because it's not as crucial as DNS? Exactly.
You want other people to spend millions of dollars to make PGP more convenient for you. Ok, you want that. And I want $73 million. We can both poop in our left hands, wish in our right hands, and see which one fills up first. :-)
DNS provides a service everybody knows they want. PGP provides a service not everybody wants, and for which everybody has multiple choices. It's never going to be as robust as DNS, and even at that the A root server lost track of the entire .COM domain just last week. That took entire domains off the 'net for a while, for large chunks of us. I couldn't reach Yahoo for several days, for instance.
So PGP key serving, which not even all PGP users want or need, was down for you. Is that even a PROBLEM, much less an unreasonable one? It's like complaining that HTTP isn't robust enough because one particular web page isn't where you expected it to be.
> Spend as much as one of the root server providers does, on just PGP service.
> Can't justify that because it's not as crucial as DNS? Exactly.
> You want other people to spend millions of dollars to make PGP more convenient for you. Ok, you want that. And I want $73 million.
uh, your hyperbole is not appropriate considering that i am in a position to put my money where my mouth is. if you're not, that's cool too. bye.
> It's never going to be as robust as DNS
hmmm. as secure dns relies on a key distribution service, ....
> So PGP key serving, which not even all PGP users want or need, was down for you. Is that even a PROBLEM, much less an unreasonable one?
i think so. clearly ymmv. and that's fine with me, you just don't need to do anything.
randy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mon, 26 Jun 2000, Randy Bush wrote:
> > Well, the fundamental point you haven't mentioned here is that the PGP keyserver network, past and present, is entirely a volunteer-based service.
> as are almost all the dns root servers. and, despite occasional hysterical whining on this list, they provide a serious production service on which we are all successfully betting our asses.
There is a lot more riding on the root servers. People like me think that PGP keyservers are absolutely essential, but there are far more people that would be affected if the root servers were as unreliable as the keyservers.
> this is not to say that i do not deeply appreciate the current volunteer efforts. but, as we rely more and more on pgp, we need a serious production quality service.
I definitely agree.
> i wonder if a few of the large providers might be able to field a production quality distributed service. or help the current volunteers to do so.
I would certainly be willing to coordinate such an effort, if there is interest.
> plan for a few orders of magnitude.
Yes, I know. But my point was that we're at over 1M keys right now, and won't make 10M, (let alone 100M or 1B) I don't think, unless things change.
> how can providers help? and now, not in the vague future.
Immediately? Multiple providers could set up a series of servers that all synchronize with each other in a load-balanced system where they all share the same hostname, so that the user doesn't have to search for a working server when one goes down.
(That's the short term solution in a nutshell. Interested parties can contact me about this for more info).
__
L. Sassaman
System Administrator                | "Everything looks bad
Technology Consultant               |  if you remember it."
icq.. 10735603                      |
pgp.. finger://ns.quickie.net/rabbi |             --Homer Simpson
-----BEGIN PGP SIGNATURE-----
Comment: OpenPGP Encrypted Email Preferred.
iD8DBQE5WEgJPYrxsgmsCmoRAk+5AKCD5eZR/Ib0vU0SR8RrEGi0S36mCQCgpEUt
M/XoZxinApiOWgpi+XIkUFY=
=q4mn
-----END PGP SIGNATURE-----
On Mon, Jun 26, 2000 at 11:21:54PM -0700, L. Sassaman wrote:
> > how can providers help? and now, not in the vague future.
> Immediately? Multiple providers could set up a series of servers that all synchronize with each other in a load-balanced system where they all share the same hostname, so that the user doesn't have to search for a working server when one goes down.
I'm going to try to keep this operational, but it's hard because you're going to find that support for making a robust keyserver network hinges upon people agreeing that such a service is needed, and many PGP users are going to tell you that such a keyserver violates the PGP trust model. Discussion in detail as to why that's so is seriously off-topic, and so I'm not going to try to defend the point one way or the other; I'm merely commenting that many PGP users will think it's so, and that's enough for the purposes of this discussion. Factor that into your calculations of how much money it's worth it to spend on this.
participants (3)
- L. Sassaman
- Randy Bush
- Shawn McMahon