[29630] in North American Network Operators' Group
RE: PGP keyserver infrastructure
daemon@ATHENA.MIT.EDU (L. Sassaman)
Fri Jun 30 15:19:32 2000
Date: Fri, 30 Jun 2000 12:15:44 -0700 (PDT)
From: "L. Sassaman" <rabbi@quickie.net>
To: Peter Francis <peter@softaware.com>
Cc: "Eric M. Carroll" <eric.carroll@acm.org>,
Randy Bush <randy@psg.com>, John Fraizer <nanog@EnterZone.Net>,
nanog@merit.edu, pgp-keyserver-folk@flame.org,
"Neil J. McRae" <neil@domino.org>
In-Reply-To: <p04320406b5829ce74c04@[209.85.95.133]>
Message-ID: <Pine.LNX.4.21.QNWS_2.0006301207020.9743-100000@thetis.deor.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 30 Jun 2000, Peter Francis wrote:
> We are currently running a globally load balanced network with
> dedicated servers available in 15 (and rising) locations in the US and
> Europe. We would be happy to run a number of keyservers on our
> network.

Wonderful!

> We are using the Foundry ServerIron's global server load balancing
> which uses a TCP syn/ack based round trip time metric to direct a
> client to the "closest" site.
>
> Does the key-service answer on a specific TCP port?

Yes. HKP Servers (which use a specialized HTTP connection) generally
listen on tcp 11371. You can look at http://web.mit.edu/marc/www/pks/ for
Marc Horowitz's original pksd, or at http://www.highware.com/main-oks.html
for Highware's OpenKeyServer, or you can go to
http://web.mit.edu/network/pgp.html to get NAI's Certserver. (The version
there is 2.5.1. There is an upgrade version, 2.5.2, that you will need to
patch to: http://www.tis.com/support/hotfix.html).

NAI's Certificate Server only runs on Solaris and NT, but provides an LDAP
and LDAPS interface (389 and 689, respectively, by default). LDAP is a
nicer interface for searching keyservers.

> If this sounds feasible please point us at info on how to set up a key-server.

It's a generally straightforward procedure. Once you have them up and
running, I am sure the folks on the flame.org list will be happy to answer
any questions about replication you might have.

__
L. Sassaman
System Administrator |
Technology Consultant | "Common sense is wrong."
icq.. 10735603 |
pgp.. finger://ns.quickie.net/rabbi | --Practical C Programming
-----BEGIN PGP SIGNATURE-----
Comment: OpenPGP Encrypted Email Preferred.
iD8DBQE5XPHnPYrxsgmsCmoRAtDhAJ4uk4zGK+wBBX1yqJ5rBM0NkSc7TwCg0RJc
W5Qsq+jF3dUu/s1jihcWUb8=
=Zv3w
-----END PGP SIGNATURE-----
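
An added example, not part of the original message: an application-level health check of the kind a load balancer could run against each keyserver site, issuing an HKP lookup over HTTP on tcp 11371 instead of relying only on a TCP syn/ack. The `/pks/lookup` path and `op=index` parameter follow the HKP convention; the hostnames, the probe key ID and the "any status below 500 is healthy" rule are assumptions made for this sketch.

```python
import http.client
from urllib.parse import urlencode

HKP_PORT = 11371  # HKP port given in the message above


def hkp_lookup_path(search, op="index"):
    """Build the request path for an HKP lookup (a plain HTTP GET)."""
    return "/pks/lookup?" + urlencode({"op": op, "search": search})


def check_hkp(host, port=HKP_PORT, search="0x00000000", timeout=5.0):
    """Probe one keyserver and return (healthy, detail).

    Assumption: a server that answers the lookup with any status below
    500 is alive, even if the probe key ID (a constructed placeholder)
    is not in its database. A refused connection, a timeout or a 5xx
    answer marks the site unhealthy.
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", hkp_lookup_path(search))
        resp = conn.getresponse()
        resp.read()  # drain the body so the socket closes cleanly
        status = resp.status
    except (OSError, http.client.HTTPException) as exc:
        return False, f"no HKP answer: {exc}"
    finally:
        conn.close()
    return status < 500, f"HTTP {status}"


def check_sites(hosts, **kwargs):
    """Probe every site and return {host: (healthy, detail)}."""
    return {host: check_hkp(host, **kwargs) for host in hosts}


if __name__ == "__main__":
    # Constructed hostnames; replace with the real keyserver sites.
    sites = ["keys-us.example.net", "keys-eu.example.net"]
    for host, (healthy, detail) in check_sites(sites, timeout=2.0).items():
        print(f"{host}:{HKP_PORT} {'UP' if healthy else 'DOWN'} ({detail})")
```

A site that accepts TCP connections but whose key database is broken passes a syn/ack check and fails this one.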