mailing list archives
Re: PGP kerserver infrastructure
From: Jeff Haas <jeffhaas () merit edu>
Date: Thu, 29 Jun 2000 13:13:20 -0400
On Thu, Jun 29, 2000 at 11:29:39AM -0400, Steven M. Bellovin wrote:
The issue isn't so much network availability -- though a key server
designed to meet the needs of NANOG folks is interesting, since they
most need to talk to each other when the net isn't working well -- as
service availability. That has all sorts of implications at the
Like RIPE, pgpkey (rfc2726) support is coming to the RADB Real Soon Now.
IRRd (the backend of the RADB) also has had work recently put into
the issue of verifying database synchronization. This functionality
will be available to the IRRd community in the next release.
But a small (and incomplete) preview:
$ whois -h whois.radb.net "!j-*"
mirrorable: whether or not the querant is allowed to mirror this db.
lowest_journal: the starting range at which a mirror can be satisfied.
always 0 for not-mirrorable.
last_export: for databases that are exported to the ftp area, the last
serial number at which the database was exported. Useful
for databases which are updated only periodically and don't
need to be mirrored real-time. (Not implemented yet.)
One of the missing components is the repository object to be
supplied by rps-dist which will allow you to check a secondary
or tertiary mirror's currentserial against the primary repository.
But at the moment, the list published at
http://www.radb.net/docs/list.html provides a good start.
Between the current polling mechanism, the planned flooding mechanism
for rpsl-dist and the above for verifying synchronization, using the
IRR may be a reasonable storage location for PGP Keys.
(N.B.: The !j mechanism is a IRRd-only query extension at this point.
But we are speaking to the other IRR software developers about
providing similar support.)
Jeffrey Haas - Merit RSng project - jeffhaas () merit edu
RE: PGP kerserver infrastructure Roeland M.J. Meyer (Jun 30)
RE: PGP kerserver infrastructure Eric M. Carroll (Jun 30)