Hello,
I have a question: where can I find the actual gpg keyring of the people involved in fsfeurope? I just imported one from savannah.gnu.org but it is either incomplete or invalid. I have a few gpg keys which I cannot find on any keyserver.
So my question is whether there is any reason why some of you do not publish public keys to some keyserver, for example pgp.mit.edu or any other?
Paweł Madej nysander@quanteam.pl wrote: [...]
So my question is whether there is any reason why some of you do not publish public keys to some keyserver, for example pgp.mit.edu or any other?
Keyservers are horribly broken. subkeys.pgp.mit.edu (or something close to that) is better than most, but it's still more reliable to put it on your web page or in a human-maintained keyring.
That reminds me... I'm still alive, so I should lengthen my key expiry.
Hope that explains,
On Sat, 2007-04-14 at 22:25 +0100, MJ Ray wrote:
Paweł Madej nysander@quanteam.pl wrote: [...]
So my question is whether there is any reason why some of you do not publish public keys to some keyserver, for example pgp.mit.edu or any other?
Keyservers are horribly broken. subkeys.pgp.mit.edu (or something close to that) is better than most, but it's still more reliable to put it on your web page or in a human-maintained keyring.
I agree with you about reliability, but it does suck a bit for searching - if you just wanted to search for the GPG key for a given e-mail address, you'd probably have trouble. You end up having to try to find the person's web page, and then seeing if their key is obviously linked.
What has surprised me is that none of the web meta-data people have taken this challenge on. It seems utterly obvious, to me, that this is prime fodder for Friend-of-a-Friend (FOAF), but they don't seem to have done much: in fact, they support signing FOAF descriptions, but not specifying keys / key ids - you still have to look keys up in key servers.
I realise there's an issue with people pretending to be people they're not, but it doesn't seem to be anything different to key servers except people trust key servers more often.
FOAF would also have the advantage of being able to publish keyrings with good structured meta-data, taking advantage of everyone on the keyring being able to publish the data too.
Cheers,
Alex.
On Sat, 14 Apr 2007 23:25, mjr@phonecoop.coop said:
Keyservers are horribly broken. subkeys.pgp.mit.edu (or something
No, they are not. It is just that too many folks still stick to pgp.mit.edu instead of using a modern keyserver based on SKS or onak.
subkeys.pgp.net lists all non-broken keyservers but has the disadvantage of not knowing which keyserver is actually used. GPA features this list of working keyservers:
hkp://random.sks.keyserver.penguin.de
You will always get an SKS server. Good choice.
hkp://blackhole.pca.dfn.de
hkp://pks.gpg.cz
hkp://pgp.cns.ualberta.ca
hkp://minsky.surfnet.nl
All SKS; I use the surfnet one.
hkp://keyserver.ubuntu.com
hkp://keyserver.pramberger.at
http://gpg-keyserver.de
http://keyserver.pramberger.at
hkp://subkeys.pgp.net
Easiest URL to remember.
ldap://keyserver.pgp.com
Do not use this one as it does not synchronize with other servers and sends annoying HTML formatted challenges.
hkp://demokeys.gnupg.org
Onak server which does not sync with other servers and is to be used only for test keys. If you want to demonstrate how a keyserver works, just create a key, upload it and get it back from that server. There are quite some keys on it for real testing but there is no backup and the keys may be removed at any time.
Shalom-Salam,
Werner
On 15-Apr-2007, Werner Koch wrote:
On Sat, 14 Apr 2007 23:25, mjr@phonecoop.coop said:
Keyservers are horribly broken. subkeys.pgp.mit.edu (or something
No, they are not. It is just that too many folks still stick to pgp.mit.edu instead of using a modern keyserver based on SKS or onak.
subkeys.pgp.net lists all non-broken keyservers but has the disadvantage of not knowing which keyserver is actually used.
I'll corroborate this. Using URL:hkp://subkeys.pgp.net I don't recall ever having a problem fetching or sending keys, nor with the resulting key data.
On Sunday, 15 April 2007 21:40, Werner Koch wrote:
hkp://subkeys.pgp.net
Thanks for suggesting this one. I've found on it keys that I couldn't find previously using a few keyservers.
So my problem with unpublished public keys has probably disappeared, at least I hope so, as I imported all the keys I lacked until now.
I'm not aware of keyservers other than the good one suggested. In my opinion keyrings are good for small groups of people who know each other. For wide groups such as fsfeurope, only automated services like a keyserver allow you to easily get what you need, when you need it. You don't need to think about going to a site, downloading a new updated keyring and then importing it - for example as it is now at savannah.gnu.org.
So let's all start using the suggested keyservers, and everyone who is in need of a new public key will get it.
Mine are there :)
Werner Koch wk@gnupg.org wrote:
On Sat, 14 Apr 2007 23:25, mjr@phonecoop.coop said:
Keyservers are horribly broken. subkeys.pgp.mit.edu (or something
No, they are not. [...] GPA features this list of working keyservers:
[...confusing list of keyservers and their quirks...]
Seems horrible to me! GPA may have that, but not everyone uses GTK. If wwwkeys.pgp.net and so many other keyservers are buggy, why hasn't subkeys.pgp.net replaced it and why doesn't GPG default to something else?
+1 to the idea of using FOAF for key identification.
Regards,
On Mon, 16 Apr 2007 01:57, mjr@phonecoop.coop said:
Seems horrible to me! GPA may have that, but not everyone uses GTK.
I don't understand what you are saying. I took this list from the GPA sources just because I know that this list is not too much outdated.
If wwwkeys.pgp.net and so many other keyservers are buggy, why hasn't subkeys.pgp.net replaced it and why doesn't GPG default to something
I can't tell you why people still insist on pgp.mit.edu. Since the keyserver admins came together back in 2000 we have been telling everyone that the old HKS has severe problems and we need to work on better keyserver software. Shortly after this, subkeys was introduced to list the newer or at least patched-to-be-not-that-broken keyservers.
Salam-Shalom,
Werner
On Monday 16 April 2007 10:55, Werner Koch wrote:
On Mon, 16 Apr 2007 01:57, mjr@phonecoop.coop said:
Seems horrible to me! GPA may have that, but not everyone uses GTK.
I don't understand what you are saying. I took this list from the GPA sources just because I know that this list is not too much outdated.
Or in other words: use something like keyserver hkp://random.sks.keyserver.penguin.de in your ~/.gnupg/gpg.conf file. Sometimes a request times out, then I just do it again and usually get a different server that answers.
Now stuff like this works: gpg --keyserver hkp://random.sks.keyserver.penguin.de -search-keys "MJ Ray"
On Tuesday 24 April 2007 12:14, Bernhard Reiter wrote:
Now stuff like this works: gpg --keyserver hkp://random.sks.keyserver.penguin.de -search-keys "MJ Ray"
Should have been gpg --keyserver hkp://random.sks.keyserver.penguin.de --search-keys "MJ Ray" (it was missing a dash in the second option, a paste and copy problem.)
And with the options in place you can directly gpg --search-keys "MJ Ray"