
Re: PGP Keyservers and 5.0 DSS/D-H Keys...




There are 2 main flavors of pgp key servers, AND 2 main flavors
of pgp.  One keyserver (the Graff keyserver) uses perl + a pgp
binary to manage keys.  This has both a mail & web interface
available for it.  The other keyserver (the Horowitz keyserver)
uses its own data management routines to manage keys & is independent
of a pgp binary (which raises some integrity issues, but is
a big win).  It has a mail interface & runs a server interface
on a preselected unprivileged port.  The newer version (0.9,2) of the
Horowitz server is compatible with the new formats of the pgp 5.0
"packets".

The 2 main flavors of pgp, or pgp binaries, are 2.6.x based,
the old publicly available version that everyone has, & the new
pgp 5.x version that's just been released by pgp, inc.  A
windows binary is available from the company & a public release
of the source is available & is being worked on.

To address the specific question, the 2.6.x pgp binaries cannot
understand the new pgp 5.0 keys.  They can understand pgp 5.0 keys
if pgp 5.0 has chosen to make rsa-style keys.  So keyservers running
the Graff server using a pgp 2.6x binary will reject or ignore new
style pgp keys.  It was a frequent poster to this list, whose
"add" transaction bounced on ESnet's keyserver, that alerted me to the
appearance of a beta version of the pgp 5.0 product early this spring.

There are also hybrid key servers; people who use features of both
the Horowitz & Graff key servers.  It appears to me that they mostly
use the pgp binary to check the cryptographic integrity of
submitted keys.

If you want to read about keyservers, check
http://www-swiss.ai.mit.edu/~bal/pks-faq.html
as well as the pgp pages at mit & pgp.net.
If you want to read about the pgp 5.0 effort,
http://www.ifi.uio.no/pgp/

There are also keyserver variants & historical versions of pgp of course.

The Horowitz server & the pgp 5.0 source are both very new.
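
The compatibility split described in the message above can be checked from the first packet of a submitted key. This is an added example, not part of the original message or of either keyserver's code: it reads the public-key packet header as laid out in RFC 4880, and the rule that a 2.6.x binary reads only version 2/3 RSA packets, the function names, and the sample bytes are assumptions made for illustration.

```python
# Added example: classify the first packet of a submitted key before it is
# handed to a PGP 2.6.x binary. Field layout follows RFC 4880; the
# "pgp26_readable" rule (version 2/3 and RSA only) is an assumption.
ALGO_NAMES = {1: "RSA", 2: "RSA", 3: "RSA", 16: "ElGamal", 17: "DSA"}

def read_packet_header(data):
    """Return (tag, body_offset, body_length) of the first packet."""
    if len(data) < 2 or not data[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    first = data[0]
    if first & 0x40:                        # new-format header
        tag, l0 = first & 0x3F, data[1]
        if l0 < 192:                        # one-octet length
            return tag, 2, l0
        if l0 < 224 and len(data) >= 3:     # two-octet length
            return tag, 3, ((l0 - 192) << 8) + data[2] + 192
        if l0 == 255 and len(data) >= 6:    # five-octet length
            return tag, 6, int.from_bytes(data[2:6], "big")
        raise ValueError("unsupported or truncated length")
    tag, length_type = (first >> 2) & 0x0F, first & 0x03   # old format
    if length_type == 3:
        raise ValueError("indeterminate length not supported")
    size = 1 << length_type                 # 1, 2 or 4 length octets
    if len(data) < 1 + size:
        raise ValueError("truncated header")
    return tag, 1 + size, int.from_bytes(data[1:1 + size], "big")

def classify_key(data):
    """Report version, algorithm and whether a 2.6.x binary could read it."""
    tag, offset, length = read_packet_header(data)
    if tag != 6:
        raise ValueError("first packet is not a public key (tag 6)")
    body = data[offset:offset + length]
    if len(body) != length or length < 8:
        raise ValueError("truncated key packet")
    version = body[0]
    if version in (2, 3):    # version, 4-byte time, 2-byte validity, algorithm
        algo = body[7]
    elif version == 4:       # version, 4-byte time, algorithm
        algo = body[5]
    else:
        raise ValueError("unknown key version %d" % version)
    name = ALGO_NAMES.get(algo, "unknown(%d)" % algo)
    return {"version": version, "algorithm": name,
            "pgp26_readable": version in (2, 3) and name == "RSA"}

# Constructed samples with toy, truncated key material (not real keys).
V3_RSA = bytes.fromhex("99000e" "03" "33a1b2c3" "0000" "01" "0008c5" "000511")
V4_DSA = bytes.fromhex("c609" "04" "33a1b2c3" "11" "0008c5")
```

A hybrid server could use a check like this to decide whether to pass a submission to the binary at all, instead of letting the "add" transaction bounce.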