From: Petter Reinholdtsen Date: Wed, 10 Sep 2014 11:15:45 +0000 (+0200) Subject: Generated. X-Git-Url: http://pere.pagekite.me/gitweb/homepage.git/commitdiff_plain/3dcbf72b993aeaaff8ace4ad02e21378cbfe8874?hp=664e29a948f20e356de06149be10c64ac3ea9b7b Generated. --- diff --git a/blog/Good_bye_subkeys_pgp_net__welcome_pool_sks_keyservers_net.html b/blog/Good_bye_subkeys_pgp_net__welcome_pool_sks_keyservers_net.html new file mode 100644 index 0000000000..0006f1d4c3 --- /dev/null +++ b/blog/Good_bye_subkeys_pgp_net__welcome_pool_sks_keyservers_net.html @@ -0,0 +1,392 @@ + + + + + Petter Reinholdtsen: Good bye subkeys.pgp.net, welcome pool.sks-keyservers.net + + + + + + +
+

+ Petter Reinholdtsen + +

+ +
+ + +
+
Good bye subkeys.pgp.net, welcome pool.sks-keyservers.net
+
10th September 2014
+

Yesterday, I had the pleasure of attending a talk with the +Norwegian Unix User Group about +the +OpenPGP keyserver pool sks-keyservers.net, and was very happy to +learn that there is a large set of publicly available key servers to +use when looking for peoples public key. So far I have used +subkeys.pgp.net, and some times wwwkeys.nl.pgp.net when the former +were misbehaving, but those days are ended. The servers I have used +up until yesterday have been slow and some times unavailable. I hope +those problems are gone now.

+ +

Behind the round robin DNS entry of the +sks-keyservers.net service +there is a pool of more than 100 keyservers which are checked every +day to ensure they are well connected and up to date. It must be +better than what I have used so far. :)

+ +

Yesterdays speaker told me that the service is the default +keyserver provided by the default configuration in GnuPG, but this do +not seem to be used in Debian. Perhaps it should?

+ +

Anyway, I've updated my ~/.gnupg/options file to now include this +line:

+ +

+keyserver pool.sks-keyservers.net
+

+ +

With GnuPG version 2 one can also locate the keyserver using SRV +entries in DNS. Just for fun, I did just that at work, so now every +user of GnuPG at the University of Oslo should find a OpenGPG +keyserver automatically should their need it:

+ +

+% host -t srv _pgpkey-http._tcp.uio.no
+_pgpkey-http._tcp.uio.no has SRV record 0 100 11371 pool.sks-keyservers.net.
+%
+

+ +

Now if only +the +HKP lookup protocol supported finding signature paths, I would be +very happy. It can look up a given key or search for a user ID, but I +normally do not want that, but to find a trust path from my key to +another key. Given a user ID or key ID, I would like to find (and +download) the keys representing a signature path from my key to the +key in question, to be able to get a trust path between the two keys. +This is as far as I can tell not possible today. Perhaps something +for a future version of the protocol?

+
+ +
Tags: debian, english, personvern, sikkerhet.
+ + +
+ + + + + +

+ Created by Chronicle v4.6 +

+ + + diff --git a/blog/archive/2014/09/09.rss b/blog/archive/2014/09/09.rss new file mode 100644 index 0000000000..02569787b1 --- /dev/null +++ b/blog/archive/2014/09/09.rss @@ -0,0 +1,67 @@ + + + + Petter Reinholdtsen - Entries from September 2014 + Entries from September 2014 + http://people.skolelinux.org/pere/blog/ + + + + Good bye subkeys.pgp.net, welcome pool.sks-keyservers.net + http://people.skolelinux.org/pere/blog/Good_bye_subkeys_pgp_net__welcome_pool_sks_keyservers_net.html + http://people.skolelinux.org/pere/blog/Good_bye_subkeys_pgp_net__welcome_pool_sks_keyservers_net.html + Wed, 10 Sep 2014 13:10:00 +0200 + <p>Yesterday, I had the pleasure of attending a talk with the +<a href="http://www.nuug.no/">Norwegian Unix User Group</a> about +<a href="http://www.nuug.no/aktiviteter/20140909-sks-keyservers/">the +OpenPGP keyserver pool sks-keyservers.net</a>, and was very happy to +learn that there is a large set of publicly available key servers to +use when looking for peoples public key. So far I have used +subkeys.pgp.net, and some times wwwkeys.nl.pgp.net when the former +were misbehaving, but those days are ended. The servers I have used +up until yesterday have been slow and some times unavailable. I hope +those problems are gone now.</p> + +<p>Behind the round robin DNS entry of the +<a href="https://sks-keyservers.net/">sks-keyservers.net</a> service +there is a pool of more than 100 keyservers which are checked every +day to ensure they are well connected and up to date. It must be +better than what I have used so far. :)</p> + +<p>Yesterdays speaker told me that the service is the default +keyserver provided by the default configuration in GnuPG, but this do +not seem to be used in Debian. Perhaps it should?</p> + +<p>Anyway, I've updated my ~/.gnupg/options file to now include this +line:</p> + +<p><blockquote><pre> +keyserver pool.sks-keyservers.net +</pre></blockquote></p> + +<p>With GnuPG version 2 one can also locate the keyserver using SRV +entries in DNS. Just for fun, I did just that at work, so now every +user of GnuPG at the University of Oslo should find a OpenGPG +keyserver automatically should their need it:</p> + +<p><blockquote><pre> +% host -t srv _pgpkey-http._tcp.uio.no +_pgpkey-http._tcp.uio.no has SRV record 0 100 11371 pool.sks-keyservers.net. +% +</pre></blockquote></p> + +<p>Now if only +<a href="http://ietfreport.isoc.org/idref/draft-shaw-openpgp-hkp/">the +HKP lookup protocol</a> supported finding signature paths, I would be +very happy. It can look up a given key or search for a user ID, but I +normally do not want that, but to find a trust path from my key to +another key. Given a user ID or key ID, I would like to find (and +download) the keys representing a signature path from my key to the +key in question, to be able to get a trust path between the two keys. +This is as far as I can tell not possible today. Perhaps something +for a future version of the protocol?</p> + + + + + diff --git a/blog/archive/2014/09/index.html b/blog/archive/2014/09/index.html new file mode 100644 index 0000000000..8d6b082021 --- /dev/null +++ b/blog/archive/2014/09/index.html @@ -0,0 +1,402 @@ + + + + + Petter Reinholdtsen: entries from September 2014 + + + + + + +
+

+ Petter Reinholdtsen + +

+ +
+ + +

Entries from September 2014.

+ +
+
+ Good bye subkeys.pgp.net, welcome pool.sks-keyservers.net +
+
+ 10th September 2014 +
+
+

Yesterday, I had the pleasure of attending a talk with the +Norwegian Unix User Group about +the +OpenPGP keyserver pool sks-keyservers.net, and was very happy to +learn that there is a large set of publicly available key servers to +use when looking for peoples public key. So far I have used +subkeys.pgp.net, and some times wwwkeys.nl.pgp.net when the former +were misbehaving, but those days are ended. The servers I have used +up until yesterday have been slow and some times unavailable. I hope +those problems are gone now.

+ +

Behind the round robin DNS entry of the +sks-keyservers.net service +there is a pool of more than 100 keyservers which are checked every +day to ensure they are well connected and up to date. It must be +better than what I have used so far. :)

+ +

Yesterdays speaker told me that the service is the default +keyserver provided by the default configuration in GnuPG, but this do +not seem to be used in Debian. Perhaps it should?

+ +

Anyway, I've updated my ~/.gnupg/options file to now include this +line:

+ +

+keyserver pool.sks-keyservers.net
+

+ +

With GnuPG version 2 one can also locate the keyserver using SRV +entries in DNS. Just for fun, I did just that at work, so now every +user of GnuPG at the University of Oslo should find a OpenGPG +keyserver automatically should their need it:

+ +

+% host -t srv _pgpkey-http._tcp.uio.no
+_pgpkey-http._tcp.uio.no has SRV record 0 100 11371 pool.sks-keyservers.net.
+%
+

+ +

Now if only +the +HKP lookup protocol supported finding signature paths, I would be +very happy. It can look up a given key or search for a user ID, but I +normally do not want that, but to find a trust path from my key to +another key. Given a user ID or key ID, I would like to find (and +download) the keys representing a signature path from my key to the +key in question, to be able to get a trust path between the two keys. +This is as far as I can tell not possible today. Perhaps something +for a future version of the protocol?

+ +
+
+ + + Tags: debian, english, personvern, sikkerhet. + + +
+
+
+ +

RSS Feed

+ +

+ Created by Chronicle v4.6 +

+ + +