--- pgp/doc/keyserv.doc 2018/04/24 16:42:45 1.1.1.4 +++ pgp/doc/keyserv.doc 2018/04/24 16:45:59 1.1.1.5 @@ -1,120 +1,194 @@ -PGP Public Keyservers ---------------------- - -There are PGP public key servers which allow one to exchange public -keys running through the Internet and UUCP mail systems. - -The information below is OUT OF DATE, and the release of PGP 2.6 -will cause a great deal of upheaval, especially in the U.S. -The command reference is the most useful part. - - -NOTE! - -This service is NOT supported in any way whatsoever by the schools or -organizations on which these servers run. It is here only to help -transfer keys between PGP users. It does NOT attempt to guarantee -that a key is a valid key; use the signators on a key for that kind of -security. This service can be discontinued at any time without prior -notification. - -Each keyserver processes requests in the form of mail messages. The -commands for the server are entered on the Subject: line. - - To: pgp-public-keys@pgp.mit.edu - From: johndoe@some.site.edu - Subject: help - -Sending your key to ONE server is enough. After it processes your -key, it will forward your add request to other servers automagically. - -For example, to add your key to the keyserver, or to update your key if it is -already there, send a message similar to the following to any server: - - To: pgp-public-keys@pgp.mit.edu - From: johndoe@some.site.edu - Subject: add - - -----BEGIN PGP PUBLIC KEY BLOCK----- - Version: 2.5 - - - -----END PGP PUBLIC KEY BLOCK----- - -COMPROMISED KEYS: Create a Key Revocation Certificate (read the PGP -docs on how to do that) and mail your key to the server once again, -with the ADD command. - -Valid commands are: - -Command Message body contains ----------------------- ------------------------------------------------- -ADD Your PGP public key (key to add is body of msg) -INDEX List all PGP keys the server knows about (-kv) -VERBOSE INDEX List all PGP keys, verbose format (-kvv) -GET Get the whole public key ring -GET userid Get just that one key -MGET regexp Get all keys which match /regexp/ -LAST days Get the keys updated in the last `days' days ------------------------------------------------------------------------- - -Examples for the MGET command: - - MGET michael Gets all keys which have "michael" in them - MGET iastate All keys which contain "iastate" - MGET F605A5|3A738B Those two keyid's - - -As of 24-Apr-93, these sites are running this system: - -Internet sites: - pgp-public-keys@pgp.mit.edu - Derek Atkins - warlord@MIT.EDU - FTP: toxicwaste.mit.edu:/pub/keys/public-keys.pgp - public-key-server@pgp.ai.mit.edu or - pgp-public-keys@pgp.ai.mit.edu - Brian LaMacchia - public-key-server-request@martigny.ai.mit.edu - http://www-swiss.ai.mit.edu/~bal/pks-toplev.html - pgp-public-keys@pgp.iastate.edu - Michael Graff - explorer@iastate.edu - FTP: pgp.iastate.edu:/usr/explorer/public-keys.pgp - pgp-public-keys@demon.co.uk - Mark Turner - mark@demon.co.uk - FTP: ftp.demon.co.uk:/pub/pgp/pubring.pgp (Updated daily) - pgp-public-keys@fbihh.informatik.uni-hamburg.de - Vesselin V. Bontchev - bontchev@fbihh.informatik.uni-hamburg.de - FTP: ftp.informatik.uni-hamburg.de:/pub/virus/misc/pubkring.pgp - pgp-public-keys@pgp.ox.ac.uk - Paul Leyland - pcl@ox.ac.uk - pgp-public-keys@dsi.unimi.it - David Vincenzetti - vince@dsi.unimi.it - FTP: ghost.dsi.unimi.it:/pub/crypt/public-keys.pgp - pgp-public-keys@kub.nl - Teun Nijssen - teun@kub.nl - pgp-public-keys@ext221.sra.co.jp - Hironobu Suzuki - hironobu@sra.co.jp - pgp-public-keys@sw.oz.au - Jeremy Fitzhardinge - jeremy@sw.oz.au - pgp-public-keys@io.com - Sysop: pgpkeys@wasabi.io.com - FTP: wasabi.io.com:/pub/pgpkeys - pgp-public-keys@kiae.su - blaster@rd.relcom.msk.su - -UUCP site: - pgp-public-keys@jpunix.com - John Perry - perry@jpunix.com - -Check the Usenet newsgroup alt.security.pgp for updates to this system -and for new sites. +PGP Public Keyservers +--------------------- + +There are PGP public key servers which allow one to exchange public +keys running through the Internet and UUCP mail systems. + + +NOTE! + +This service is NOT supported in any way whatsoever by the schools or +organizations on which these servers run. It is here only to help +transfer keys between PGP users. It does NOT attempt to guarantee +that a key is a valid key; use the signators on a key for that kind of +security. This service can be discontinued at any time without prior +notification. + +Each keyserver processes requests in the form of mail messages. The +commands for the server are entered on the Subject: line. + + To: pgp-public-keys@keys.pgp.net + From: johndoe@some.site.edu + Subject: help + +Sending your key to ONE server is enough. After it processes your +key, it will forward your add request to other servers automagically. + +For example, to add your key to the keyserver, or to update your key if it is +already there, send a message similar to the following to any server: + + To: pgp-public-keys@keys.pgp.net + From: johndoe@some.site.edu + Subject: add + + -----BEGIN PGP PUBLIC KEY BLOCK----- + Version: 2.6.3i + + + -----END PGP PUBLIC KEY BLOCK----- + +COMPROMISED KEYS: Create a Key Revocation Certificate (read the PGP +docs on how to do that) and mail your key to the server once again, +with the ADD command. + +Valid commands are: + +Command Message body contains +-------------------------------------------------------------------- +ADD Your PGP public key (key to add is body of msg) (-ka) +INDEX List all PGP keys the server knows about (-kv) +VERBOSE INDEX List all PGP keys, verbose format (-kvv) +GET Get the whole public key ring (-kxa *) +GET Get just that one key (-kxa ) +MGET Get all keys which match +LAST Get all keys uploaded during last days +-------------------------------------------------------------------- + +Examples for the MGET command: + + MGET michael Gets all keys which have "michael" in them + MGET iastate All keys which contain "iastate" + MGET 0AF605A5|683A738B Those two keyids + +If you wish to get the entire key ring and have access to FTP, it +would be a lot more efficient to use FTP rather than e-mail. Using +e-mail, the entire key ring can generate a many part message, which +you will have to reconstruct into a single file before adding it to +your key ring. + + +As of 10-Oct-95, these sites are running this system: + + pgp-public-keys@uit.no + (aka pgp-public-keys@keys.no.pgp.net) + Borge Brunes + + pgp-public-keys@informatik.uni-hamburg.de + (aka pgp-public-keys@keys.de.pgp.net) + Vesselin V. Bontchev + + pgp-public-keys@kub.nl + (aka pgp-public-keys@keys.nl.pgp.net) + Teun Nijssen + + pgp-public-keys@pgp.ox.ac.uk + (aka pgp-public-keys@keys.uk.pgp.net) + Paul Leyland + + pgp-public-keys@pgp.pipex.net + Mark Turner + + pgp-public-keys@dsi.unimi.it + David Vincenzetti + + pgp-public-keys@goliat.upc.es + Alvar Vinacua + + pgp-public-keys@srce.hr + Cedomir Igaly + + pgp-public-keys@kiae.su + + + pgp-public-keys@ext221.sra.co.jp + Hironobu Suzuki + + pgp-public-keys@sw.oz.au + Jeremy Fitzhardinge + + pgp-public-keys@pgp.mit.edu (*) + (aka pgp-public-keys@keys.us.pgp.net) + Derek Atkins + + public-key-server@martigny.ai.mit.edu (*) + Brian A. LaMacchia + + pgp-public-keys@pgp.iastate.edu (*) + Michael Graff + + pgp-public-keys@burn.ucsd.edu (*) + Andy Howard + + pgp-public-keys@pgp.dhp.com (*) + DJ Wipeout + + pgp-public-keys@jpunix.com (*) + John Perry + + pgp-public-keys@gondolin.org (*) + + + (*) Key servers in the USA only accept keys labelled "Version: 2.4" or + later. + +Random keyserver: + + E-mail sent to pgp-public-keys@keys.pgp.net will be sent to a keyserver + randomly chosen from one of: + + pgp-public-keys@keys.de.pgp.net + pgp-public-keys@keys.nl.pgp.net + pgp-public-keys@keys.no.pgp.net + pgp-public-keys@keys.uk.pgp.net + pgp-public-keys@keys.us.pgp.net + +Sites accessible via WWW: + + http://www.service.uit.no/pgp/servruit.eng.html + http://www.cl.cam.ac.uk/PGP/pks-toplev.html + http://www.nic.surfnet.nl/pgp/pks-toplev.html + http://goliat.upc.es/~alvar/pks/pks-toplev.html + http://martigny.ai.mit.edu/~bal/pks-toplev.html + +Key server keyrings accessible via FTP: + + ftp://ftp.uit.no/pub/crypto/pgp/keys/pubring.pgp + ftp://ftp.informatik.uni-hamburg.de/pub/virus/crypt/pgp/pubkring.pgp + ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/public-keys.pgp + ftp://ftp.ox.ac.uk/pub/crypto/pgp/keys/pubring.pgp + ftp://ftp.sunet.se/pub/security/tools/crypt/pgp/keys/pubring.pgp + ftp://ftp.funet.fi/pub/crypt/cryptography/pgp/keys/pubring.pgp + ftp://pgp.mit.edu/pub/keys/public-keys.pgp + ftp://pgp.iastate.edu/pub/pgp/public-keys.pgp + ftp://burn.ucsd.edu/Crypto/public-keys.pgp + ftp://jpunix.com/pub/PGP/ + +In addition to the "traditional" keyservers, there is a commercial key +registry in operation at four11.com. Four11 Directory Services is set +up primarily as a directory service to assist in searching for people +or groups. Members of the service may have their key certified by +Four11 and placed on their server; a key signature from Four11 +indicates that you have met their signing requirements. At the time +of this writing, they offer "SLED Silver Signatures", which require +identification of the key holder through one of the following: + + - a mailed or faxed driver's license + - a mailed or faxed copy of a passport + - payment for services with a preprinted personal check which cleared + +Send mail to info@four11.com or connect to http://www.four11.com/ for +more information on SLED/Four11 or to search their server. Their +current certification keys may be retrieved by sending mail to +key-pgp-silver@sled.com or by looking up "SLED" on the other +keyservers. + + +Check the Usenet newsgroup alt.security.pgp for updates to this system +and for new sites, or take a look at the PGP FAQ by Jeff Licquia +, available via WWW from: + + http://www.prairienet.org/~jalicqui/pgpfaq.txt + +or via FTP: + + ftp://ftp.prairienet.org/pub/providers/pgp/pgpfaq.txt