Re: [pgp-keyserver-folk] Bigbrother at pgp.uni-mainz.de
Marcus Holthaus (Logintas) wrote:
> Hi Christoph, folks,
> there are two problems in your mail:
> 1. outdated and presumably insecure software
> 2. outdated keyserver list
> As for 1.:
> I am interested in a service like this, and I have consulted it
> previously. It used to be handy for debugging. We do run our own
> keyserver (pgpkeys.logintas.ch:11371) and we do have a Nagios up and
> running. So if there is interest, we could take over the monitoring.
Thanks for the offer. Could be useful, but maybe an
automatic process could do the job (see below)?
> As for 2:
> We would also depend on pgp key server admins to provide us with their
> host names or ips, and e-mail-addresses or sms / mobile phone numbers
> for notification. Correspondance would be using signed and possibly
> encrypted pgp e-mails. We do not expect a load of changes... pgp key
> server population has not seen that much of fluctuation, so
> administrative work would remain low, I hope.
> However, there is a graph on http://www.nongnu.org/sks/ which lists many
> SKS servers. This graph seems to be auto-generated. So there has to be a
> list of servers, or at least a way to create such a list. Anyone any
> idea about this?
The graph is autogenerated. If I remember correctly
this is done using a feature of SKS servers. Each
SKS server provides a statistic web page which lists
(among other stuff) all servers that are in it's sync
list. So you can traverse these servers and build a
list (or a graph) from that.
This is no help for Horrowitz servers. You might
fetch a list of mailsync peers from the SKS statistic
pages, though (and these will probably be Horowitz
servers). That way you might get a quite complete
list of PGP keyservers automatically. How many
non-SKS servers are left, anyway? I feel that most
of the keyservers are SKS nowadays, but that's just
my personal feeling... If you only consider SKS
servers, one could also evaluate the statistic pages of
these for the monitoring.