On 03/29/2011 01:53 PM, Phil Pennock wrote:
> On 2011-03-29 at 12:14 -0400, Daniel Kahn Gillmor wrote:
>> I don't use seahorse regularly, but I recently convinced them to replace
>> (old, broken, non-syncing) pgp.mit.edu with a pointer to
>> pool.sks-keyservers.net:
> 
> Uhm, the pgp.mit.edu which is running SKS and syncing with 10 peers?

Yes, and for whatever reason is more than a hundred thousand keys behind
the rest of the pool:

 http://pgp.mit.edu:11371/pks/lookup?op=stats

>>> Total number of keys: 2823646

http://sks-keyservers.net/status/

mean number of keys for servers in the pool as of right now:

  2928755

I've reported problems with this keyserver before, and they haven't been
fixed.  It is not a member of the pool, thanks to Kristian's reasonable
consensus-based filtering rules.

I really wish that pgp.mit.edu would either be fully maintained, or
taken offline completely.  It occupies an unusual place in the global
keyserver infrastructure due to its conveniently short name and
widespread historical use.  But its current state does its users a major
disservice, because they do not receive timely certification updates,
and (more importantly) timely revocations.  (For comparison, see the
ongoing discussion in the X.509 world about broken revocation
infrastructure brought to light by the recent Comodo compromise.)

I'd rather the keyserver report a clear error (e.g. "could not connect")
than serve significantly out-of-date information and claim it is current.

Regards,

        --dkg


_______________________________________________
Sks-devel mailing list
Sks-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/sks-devel
