are there any old keyservers still working? or only the new hipster ones? i tried three and no love

hkps://pgp.mit.edu
hkps://pgp.uni-mainz.de
hkps://hkps.pool.sks-keyservers

randy
pgp.mit.edu has been sporadically available for me over the last while, but yea AFAIU sks-keyservers shut down after the DoS drama, as did most of the old servers in the pool. I believe keyserver.ubuntu.com generally works and doesn't strip all the signatures and whatnot off keys when they upload.

I think the hipster thing to do now, though, is --auto-locate-key with the Web Key Distribution or the DNSSEC Key Distribution mechanism.

Matt

On 7/21/24 7:25 PM, Randy Bush wrote:
> are there any old keyservers still working? or only the new hipster ones? i tried three and no love
>
> hkps://pgp.mit.edu hkps://pgp.uni-mainz.de hkps://hkps.pool.sks-keyservers
>
> randy
> I think the hipster thing to do now, though, is --auto-locate-key with the Web Key Distribution or the DNSSEC Key Distribution mechanism.

i have done wkd for a fair while. but some folk like to pull keyrings, so i try to keep them updated.

randy

---
randy@psg.com
`gpg --locate-external-keys --auto-key-locate wkd randy@psg.com`
signatures are back, thanks to dmarc header butchery
On Jul 21, 2024, at 19:28, Randy Bush <randy@psg.com> wrote:
> > I think the hipster thing to do now, though, is --auto-locate-key with the Web Key Distribution or the DNSSEC Key Distribution mechanism.
>
> i have done wkd for a fair while. but some folk like to pull keyrings, so i try to keep them updated.

While wks is nice in theory, easy to set up, not everyone has their own control over a domain to do so and sadly decreases the use of pgp in the scope of a broad spectrum of arenas.

Places like https://keys.openpgp.org/ let us down even more by requesting verification of the email address used whereas I might want to just use email@dumb.notfound.domain that will never exist and cannot be used with that service just for a specific period of time and project.

I hate to say it but I really think pgp could benefit from a blockchain implementation keeping it distributed among peers versus its current status.

|dreams

> randy
>
> --- randy@psg.com `gpg --locate-external-keys --auto-key-locate wkd randy@psg.com` signatures are back, thanks to dmarc header butchery
On Sun, Jul 21, 2024, 18:31 J. Hellenthal via NANOG <nanog@nanog.org> wrote:
> On Jul 21, 2024, at 19:28, Randy Bush <randy@psg.com> wrote:
> > > I think the hipster thing to do now, though, is --auto-locate-key with the Web Key Distribution or the DNSSEC Key Distribution mechanism.
> >
> > i have done wkd for a fair while. but some folk like to pull keyrings, so i try to keep them updated.
>
> While wks is nice in theory, easy to set up not everyone has their own control over a domain to do so and sadly decreases the use of pgp in the scope of a broad spectrum of arenas.
>
> Places like https://keys.openpgp.org/ let us down even more by requesting verification of the email address used whereas I might want to just use email@dumb.notfound.domain that will never exist and cannot be used with that service just for a specific period of time and project.
>
> I hate to say it but I really think pgp could benefit from a blockchain implementation keeping it distributed among peers versus its current status.

Sorry, what in the world would blockchain give us? Like sure, it's possible to add another layer of indirection (see rfc 1925), but blockchain doesn't _solve_ any problems, and actively makes pgp/gpg worse. The gpg keyring is _already_ a distributed trust. It would be good to articulate precisely what you see blockchain solving here.

> |dreams
>
> > randy
> >
> > --- randy@psg.com `gpg --locate-external-keys --auto-key-locate wkd randy@psg.com` signatures are back, thanks to dmarc header butchery
On Sun, Jul 21, 2024 at 08:29:06PM -0500, J. Hellenthal via NANOG wrote:
> I hate to say it but I really think pgp could benefit from a blockchain implementation keeping it distributed among peers versus its current status.

Absent a description of exactly how what you're proposing meaningfully differs from the SKS keyserver network (which was exactly such a distributed system), you're not adding anything useful to the conversation.

- Matt
On Sun, 21 Jul 2024 16:25:17 -0700 Randy Bush <randy@psg.com> wrote:
> are there any old keyservers still working? or only the new hipster ones? i tried three and no love

The current version of the PGP/GnuPG doc hosted by FIRST.org lists the following additional servers you might try, and appear to be functional upon first glance:

* http://pgp.circl.lu/
* https://pgp.surfnet.nl/
* https://keys.openpgp.org/
* https://keyserver.pgp.com/

Also see: https://www.first.org/pgp/An_Introduction_to_PGP-GnuPG_v1.0.pdf

John
On Jul 22, 2024, at 10:00, John Kristoff <jtk@dataplane.org> wrote:
keys.openpgp.org is the only key server I’ve ever used, but I’m wondering if it’s one of the “hipster” key servers referred to earlier.
participants (7)
- Daniel Corbe
- J. Hellenthal
- John Kristoff
- Matt Corallo
- Matt Palmer
- Neil Hanlon
- Randy Bush