On Sun, Nov 06, 2011 at 10:36:17AM +0000, Peter Lewis wrote:
> But yes, this led me to it. I had previously thought that all the keyservers
> synced with each other at some point, but apparently this isn't the case with
> keys.gnupg.net (at least). Sticking my key on that keyserver means that it
> behaves as expected.
>
> [...]
>
> Yeah, I wonder what the expected behaviour is regarding syncing of keyservers.
> I'm sure I read somewhere that uploading to one was supposed to be sufficient.

It should be sufficient in theory - once a key is uploaded to one server, it
would propagate to others in several minutes. Unless some servers are broken.
For example: [1]

> Also, there is a bug in older versions of the SKS key server code that
> impairs synchronization from other, non-SKS servers but not synchronization
> to others. Among the servers affected are cryptonomicon.mit.edu (pgp.mit.edu,
> pgpkeys.mit.edu, www.us.pgp.net), pks.gpg.cz (sks.ms.mff.cuni.cz), and
> the.earth.li (wwwkeys.uk.pgp.net), all of which have been removed from the
> above list of servers. It has not yet been determined if the problem relates
> to which version of the SKS server software is used or is a result of whether
> the server is or is not a member of the SKS pool.

(One of the keyservers pointed to by 'keys.gnupg.net' happens to be
'pks.gpg.cz'.)

Even with the latest software, the SKS pool status page [2] shows some
keyservers missing 10, 30, even ~200 keys.

There are at least two standard ways of publishing PGP keys as DNS records [3],
but I'm not sure if any software besides GnuPG supports them.

[1]: http://www.rossde.com/PGP/pgp_keyserv.html
[2]: http://sks-keyservers.net/status/
[3]: http://www.gushi.org/make-dns-cert/HOWTO.html

-- 
Mantas M.
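
Added example, not part of the original message or of any keyserver project: one way to check the propagation discussed above is to compare the machine-readable index (the body of an HKP `op=index&options=mr` lookup) that each keyserver returns for the same key. The hostnames, key ID, user IDs and function names below are constructed placeholders.

```python
from urllib.parse import unquote

def parse_mr_index(text):
    """Parse an HKP 'op=index&options=mr' body into {keyid: set of user IDs}."""
    keys, uids = {}, None
    for line in text.splitlines():
        fields = line.strip().split(":")
        if fields[0] == "pub" and len(fields) > 1:    # pub:<keyid>:<algo>:<len>:...
            uids = keys.setdefault(fields[1].upper(), set())
        elif fields[0] == "uid" and len(fields) > 1 and uids is not None:
            uids.add(unquote(fields[1]))              # user IDs are percent-escaped
    return keys

def propagation_report(responses, keyid):
    """Map each server to 'unreachable', 'missing', 'stale' or 'in-sync'."""
    keyid = keyid.upper()
    keyid = keyid[2:] if keyid.startswith("0X") else keyid
    seen = {}
    for server, body in responses.items():            # body None = request failed
        hits = [u for k, u in parse_mr_index(body or "").items() if k.endswith(keyid)]
        seen[server] = None if body is None else (hits[0] if hits else False)
    # Reference = union of user IDs seen on any server; a synced server holds all.
    reference = set().union(*[s for s in seen.values() if s])
    report = {}
    for server, state in seen.items():
        if state is None:
            report[server] = "unreachable"
        elif state is False:
            report[server] = "missing"
        else:
            report[server] = "in-sync" if state == reference else "stale"
    return report

# Constructed sample bodies; hostnames, key ID and user IDs are placeholders.
PUB = "info:1:1\npub:0123456789ABCDEF:1:2048:1320000000::\n"
UID1 = "uid:Alice Example %3Calice@example.org%3E:1320000000::\n"
UID2 = "uid:Alice Example %3Calice@work.example%3E:1320500000::\n"
SAMPLE = {
    "ks-a.example": PUB + UID1 + UID2,   # has the newest user ID
    "ks-b.example": PUB + UID1,          # older copy of the key
    "ks-c.example": "info:1:0\n",        # key never arrived
    "ks-d.example": None,                # no response
}

if __name__ == "__main__":
    for server, status in propagation_report(SAMPLE, "0x0123456789ABCDEF").items():
        print(f"{server:14} {status}")
```

A "stale" result means the server holds the key but lacks a user ID that another server already has, which is the partial-sync case a plain "key found" check would not reveal.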