Re: [pgp-keyserver-folk] Bigbrother at pgp.uni-mainz.de


Olaf Gellert
Marcus Holthaus (Logintas) wrote:

> Hi Christoph, folks,
>
> there are two problems in your mail:
> 1. outdated and presumably insecure software
> 2. outdated keyserver list
>
> As for 1.:
> I am interested in a service like this, and I have consulted it
> previously. It used to be handy for debugging. We do run our own
> keyserver (pgpkeys.logintas.ch:11371) and we do have a Nagios up and
> running. So if there is interest, we could take over the monitoring.
[...]

Thanks for the offer. Could be useful, but maybe an
automatic process could do the job (see below)?

> As for 2:
> We would also depend on pgp key server admins to provide us with their
> host names or IPs, and e-mail-addresses or sms / mobile phone numbers
> for notification. Correspondence would be using signed and possibly
> encrypted pgp e-mails. We do not expect a load of changes... pgp key
> server population has not seen that much of fluctuation, so
> administrative work would remain low, I hope.
> However, there is a graph on http://www.nongnu.org/sks/ which lists many
> SKS servers. This graph seems to be auto-generated. So there has to be a
> list of servers, or at least a way to create such a list. Anyone any
> idea about this?

The graph is autogenerated. If I remember correctly
this is done using a feature of SKS servers. Each
SKS server provides a statistic web page which lists
(among other stuff) all servers that are in its sync
list. So you can traverse these servers and build a
list (or a graph) from that.

For an example of a statistic page see:
http://pgpkeys.pca.dfn.de:11371/pks/lookup?op=stats

This is no help for Horowitz servers. You might
fetch a list of mailsync peers from the SKS statistic
pages, though (and these will probably be Horowitz
servers). That way you might get a quite complete
list of PGP keyservers automatically. How many
non-SKS servers are left, anyway? I feel that most
of the keyservers are SKS nowadays, but that's just
my personal feeling... If you only consider SKS
servers, one could also evaluate the statistic pages of
these for the monitoring.

Monitoring of SKS servers was done already by a script
written by Chris Küthe. But it seems to be non-functional
right now (http://pyxis.cns.ualberta.ca/cgi-bin/sksnet
gives "forbidden").

Regards, Olaf

--
Dipl.Inform. Olaf Gellert                  PRESECURE (R)
Senior Researcher,                       Consulting GmbH
Phone: (+49) 0700 / PRESECURE           [hidden email]

                        A daily view on Internet Attacks
                        https://www.ecsirt.net/sensornet



_______________________________________________
Sks-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/sks-devel
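
The traversal described in the message above (read each SKS server's op=stats page and follow its sync peers), as an added example that is not part of the original message or of any SKS tooling. The stats-page layout (tables with summary "Gossip Peers" and "Mailsync Peers") is an assumption, and the sample pages and *.example hosts are constructed.

```python
import re
from collections import deque
from urllib.request import urlopen

# Constructed pages (layout assumed) so the example runs offline; d.example is unreachable.
SAMPLE_PAGES = {
    "a.example": '<table summary="Gossip Peers"><tr><td>b.example 11370</td></tr>'
                 '<tr><td>c.example 11370</td></tr></table>',
    "b.example": '<table summary="Gossip Peers"><tr><td>d.example 11370</td></tr>'
                 '<tr><td>x.example/pks?y 11370</td></tr></table>',
    "c.example": '<table summary="Gossip Peers"><tr><td>A.example 11370</td></tr></table>'
                 '<table summary="Mailsync Peers"><tr><td>pgp-keys@old.example</td></tr></table>',
}
CELL = re.compile(r"<td>([^<]*)</td>", re.I)
HOSTNAME = re.compile(r"^(?=.{1,253}$)[a-z0-9]([a-z0-9.-]*[a-z0-9])?$")

def table_cells(html, summary):
    """Text of every cell in the table with the given summary attribute."""
    m = re.search(r'<table summary="%s">(.*?)</table>' % re.escape(summary), html, re.S | re.I)
    return [c.strip() for c in CELL.findall(m.group(1))] if m else []

def parse_stats(html):
    """Return (gossip peer hostnames, mailsync addresses) from one stats page."""
    rows = (c.lower().split() for c in table_cells(html, "Gossip Peers"))  # "host recon-port"
    hosts = [r[0] for r in rows if r and HOSTNAME.match(r[0])]  # untrusted input: drop odd entries
    return hosts, [c.lower() for c in table_cells(html, "Mailsync Peers") if c]

def fetch_http(host, timeout=10):
    with urlopen(f"http://{host}:11371/pks/lookup?op=stats", timeout=timeout) as r:
        return r.read(1 << 20).decode("utf-8", "replace")  # size cap: peers are untrusted

def crawl(seed, fetch=fetch_http, max_hosts=500):
    """Breadth-first walk over sync peers: (graph, mailsync peers, unreachable hosts)."""
    graph, mailsync, down = {}, set(), set()
    seen, queue = {seed}, deque([seed])
    while queue:
        host = queue.popleft()
        try:
            peers, mail = parse_stats(fetch(host))
        except (OSError, KeyError):  # KeyError only comes from the offline sample dict
            down.add(host)
            continue
        graph[host] = peers
        mailsync.update(mail)
        for peer in peers:
            if peer not in seen and len(seen) < max_hosts:
                seen.add(peer)
                queue.append(peer)
    return graph, mailsync, down
```

Run offline with `crawl("a.example", fetch=SAMPLE_PAGES.__getitem__)`; the third return value is the set of listed peers that did not answer, which is the monitoring signal.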