>> Thankfully there is a practical - if drastic - solution for all
>> OpenPGP users everywhere. Point pool.sks-keyservers.net (and its
>> various aliases) somewhere else. The question is where to and how
>> soon.
> 
> (I am certain Andrew has already considered this: I am making explicit
> what I think Andrew considered to be implicit.)
> 
> The obvious choice there is hkps://keys.openpgp.org.  The problem there
> is keys.openpgp.org is not a drop-in replacement for SKS, and there's a
> tremendous chance of breaking workflows in unpredictable places.
> 

Yes, this is the “how soon”. We are *nowhere near* prepared enough to take that 
step now. But a solution exists (at least in principle) that does not require 
end users to take any action. The big obstacles are:

1. scalability. A non-distributed key service could potentially collapse if 
global hkp(s) traffic was redirected to it. 
2. reliability. There would need to be enough failover capacity in the new 
system to withstand individual server failure. 
3. interoperability. The replacement service would need to be fully compatible 
with all existing clients. DKG’s internet draft shows how hard this will be to 
ensure in practice without simply replicating the problems of the existing 
network. 

We’ve known this day was coming for some time. We’ve just got a fire lit under 
our collective backsides. 

A

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
