[PGP-USERS] NAI US Keyserver?

teun Tilburg University pgp-users@cryptorights.org
Wed, 20 Mar 2002 09:51:54 +0100


Jacques wrote:
> "europe.keys.pgp.com" is the NAI European keyserver. It is in the
> Netherlands I believe hosted by Surfnet.nl (University Network).

That is correct; I'm typing this 10 meters away from the server, which is
owned by SURFnet (research network; at 150 customers much bigger than 13 
universities; currently the fastest known network in the world (multi gigabit 
DWDM stuff on Cisco 12000's)). The machine is managed by the computer centre of 
Tilburg University on a contract with SURFnet.

> On the same server we have:
>  [IP:]:
>   pgp.surfnet.nl
>   horowitz.surfnet.nl
>   wwkeys.nl.pgp.net
>   keys.pgpi.net
>   europe.keys.pgp.com
> One can still retrieve keys from there.

That is the DNS view modulo spelling. Actually, on the one machine, two 
keyservers are operational, the traditional Horowitz style server (port 11371) 
and the NAI Certificate Server (port 11370). Any key that arrives at the 
Horowitz server is transferred to the other one, typically within some minutes. 
Every key that arrives at the Cserv is also transferred to the Horowitz server, 
but this is done in a once-per-night all-last-day-keys run. The Horowitz server 
is also synchronized with a dozen+ other Horowitz and keyserver.net servers.

John wrote:

> Keys created late last year (Oct. and November ) were uploaded to Certserve
> and MIT.  They have not made it to several of the UK,NL or German servers I
> tried. 
> Did NAI stop co-coordinating the servers sometime last year?  Does that mean
> we have to go to each server, when its up,  and see if the keys are current
> or should we just follow the S/MIME practice and send the keys along with a
> message.

Until some months ago, I used to run a process that would send all keys 
arriving at the SURFnet servers to the NAI server. This essentially meant that 
any key that arrived in Tilburg would go to all other known keyservers within 
24 hours. When things started to fall apart at NAI, this so-called replication 
daemon had to be stopped, as the NAI server no longer accepted incoming 
replication connects. I never got a note about this, but when my queues became 
too huge, I had to give up.

For the big number of keys that were at creation going directly to the NAI 
server (the default in the Windows versions of PGP) the situation has always been 
more complicated. Despite a lot of efforts and much begging, I never got direct 
replication to the SURFnet server, nor could I get daily log extracts of new or 
modified key-ids which would have enabled me to retrieve them. Instead, some 
three or four times per year, Peter Wan and I got a full dump of the NAI 
keyserver database, which we then slowly fed into the network of keyservers.

For some months now, we can no longer get these dumps. My estimate is that some 
100k to 200k keys now are only on the NAI server. If anyone knows how to get 
them, or how to change the NAI DNS in such a way that the SURFnet server 
becomes the default keyserver for Windows PGP, the PGP community would be much 



06/02/00 00:03:00 counted public keys =   936070
01/03/00 00:03:00 counted public keys =   941979
01/04/00 00:03:00 counted public keys =   949112
01/05/00 00:03:01 counted public keys =   955556
01/06/00 00:03:00 counted public keys =   963087
01/07/00 00:03:00 counted public keys =   993008
01/08/00 00:03:00 counted public keys =  1158339
01/09/00 00:03:00 counted public keys =  1163148
01/10/00 00:03:01 counted public keys =  1182723
01/11/00 00:03:00 counted public keys =  1287804
01/12/00 00:03:00 counted public keys =  1296397
01/01/01 00:03:00 counted public keys =  1301504
01/02/01 00:03:00 counted public keys =  1308997
01/03/01 00:03:01 counted public keys =  1317572
01/04/01 00:03:00 counted public keys =  1327014
01/05/01 00:03:00 counted public keys =  1431355
01/06/01 00:03:00 counted public keys =  1457683
01/07/01 00:03:00 counted public keys =  1465986
01/08/01 00:03:00 counted public keys =  1495430
01/09/01 00:03:00 counted public keys =  1571482
01/10/01 00:03:00 counted public keys =  1587789
01/11/01 00:03:00 counted public keys =  1599284
01/12/01 00:03:33 counted public keys =  1607364
01/01/02 00:03:02 counted public keys =  1614164
01/02/02 00:03:00 counted public keys =  1621965
01/03/02 00:03:00 counted public keys =  1629601
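
An added example, not part of the original message: the count log above parsed into samples, with the intervals flagged whose increase is more than five times the median increase. The dd/mm/yy date reading, the factor of 5 and the function names are assumptions of this example; the message itself does not say what caused any particular jump.

```python
import re
from datetime import datetime
from statistics import median

# Log lines copied from the message above; dates are assumed to be dd/mm/yy.
LOG = """\
06/02/00 00:03:00 counted public keys =   936070
01/03/00 00:03:00 counted public keys =   941979
01/04/00 00:03:00 counted public keys =   949112
01/05/00 00:03:01 counted public keys =   955556
01/06/00 00:03:00 counted public keys =   963087
01/07/00 00:03:00 counted public keys =   993008
01/08/00 00:03:00 counted public keys =  1158339
01/09/00 00:03:00 counted public keys =  1163148
01/10/00 00:03:01 counted public keys =  1182723
01/11/00 00:03:00 counted public keys =  1287804
01/12/00 00:03:00 counted public keys =  1296397
01/01/01 00:03:00 counted public keys =  1301504
01/02/01 00:03:00 counted public keys =  1308997
01/03/01 00:03:01 counted public keys =  1317572
01/04/01 00:03:00 counted public keys =  1327014
01/05/01 00:03:00 counted public keys =  1431355
01/06/01 00:03:00 counted public keys =  1457683
01/07/01 00:03:00 counted public keys =  1465986
01/08/01 00:03:00 counted public keys =  1495430
01/09/01 00:03:00 counted public keys =  1571482
01/10/01 00:03:00 counted public keys =  1587789
01/11/01 00:03:00 counted public keys =  1599284
01/12/01 00:03:33 counted public keys =  1607364
01/01/02 00:03:02 counted public keys =  1614164
01/02/02 00:03:00 counted public keys =  1621965
01/03/02 00:03:00 counted public keys =  1629601
"""
LINE = re.compile(r"(\d\d/\d\d/\d\d) [\d:]{8} counted public keys =\s*(\d+)")

def parse(log):
    """Return [(date, count)] in file order, skipping lines that do not match."""
    return [(datetime.strptime(d, "%d/%m/%y").date(), int(n))
            for d, n in LINE.findall(log)]

def spikes(samples, factor=5):
    """Intervals whose key-count increase exceeds factor x the median increase."""
    deltas = [(b[0], b[1] - a[1]) for a, b in zip(samples, samples[1:])]
    limit = factor * median(n for _, n in deltas)  # factor is an assumed threshold
    return [(day, n) for day, n in deltas if n > limit]

if __name__ == "__main__":
    for day, n in spikes(parse(LOG)):
        print(f"{day}  +{n} keys since previous sample")
```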

