New post.

[homepage.git] / blog / archive / 2014 / 09 / 09.rss

<?xml version="1.0" encoding="ISO-8859-1"?>
<rss version='2.0' xmlns:lj='http://www.livejournal.org/rss/lj/1.0/'>
        <channel>
                <title>Petter Reinholdtsen - Entries from September 2014</title>
                <description>Entries from September 2014</description>
                <link>http://people.skolelinux.org/pere/blog/</link>

        
        <item>
                <title>Good bye subkeys.pgp.net, welcome pool.sks-keyservers.net</title>
                <link>http://people.skolelinux.org/pere/blog/Good_bye_subkeys_pgp_net__welcome_pool_sks_keyservers_net.html</link>        
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Good_bye_subkeys_pgp_net__welcome_pool_sks_keyservers_net.html</guid>
                <pubDate>Wed, 10 Sep 2014 13:10:00 +0200</pubDate>
                <description>&lt;p&gt;Yesterday, I had the pleasure of attending a talk with the
&lt;a href=&quot;http://www.nuug.no/&quot;&gt;Norwegian Unix User Group&lt;/a&gt; about
&lt;a href=&quot;http://www.nuug.no/aktiviteter/20140909-sks-keyservers/&quot;&gt;the
OpenPGP keyserver pool sks-keyservers.net&lt;/a&gt;, and was very happy to
learn that there is a large set of publicly available key servers to
use when looking for peoples public key.  So far I have used
subkeys.pgp.net, and some times wwwkeys.nl.pgp.net when the former
were misbehaving, but those days are ended.  The servers I have used
up until yesterday have been slow and some times unavailable.  I hope
those problems are gone now.&lt;/p&gt;

&lt;p&gt;Behind the round robin DNS entry of the
&lt;a href=&quot;https://sks-keyservers.net/&quot;&gt;sks-keyservers.net&lt;/a&gt; service
there is a pool of more than 100 keyservers which are checked every
day to ensure they are well connected and up to date.  It must be
better than what I have used so far. :)&lt;/p&gt;

&lt;p&gt;Yesterdays speaker told me that the service is the default
keyserver provided by the default configuration in GnuPG, but this do
not seem to be used in Debian.  Perhaps it should?&lt;/p&gt;

&lt;p&gt;Anyway, I&#39;ve updated my ~/.gnupg/options file to now include this
line:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
keyserver pool.sks-keyservers.net
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;With GnuPG version 2 one can also locate the keyserver using SRV
entries in DNS.  Just for fun, I did just that at work, so now every
user of GnuPG at the University of Oslo should find a OpenGPG
keyserver automatically should their need it:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
% host -t srv _pgpkey-http._tcp.uio.no
_pgpkey-http._tcp.uio.no has SRV record 0 100 11371 pool.sks-keyservers.net.
%
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;Now if only
&lt;a href=&quot;http://ietfreport.isoc.org/idref/draft-shaw-openpgp-hkp/&quot;&gt;the
HKP lookup protocol&lt;/a&gt; supported finding signature paths, I would be
very happy.  It can look up a given key or search for a user ID, but I
normally do not want that, but to find a trust path from my key to
another key.  Given a user ID or key ID, I would like to find (and
download) the keys representing a signature path from my key to the
key in question, to be able to get a trust path between the two keys.
This is as far as I can tell not possible today.  Perhaps something
for a future version of the protocol?&lt;/p&gt;
</description>
        </item>
        
        </channel>
</rss>