I've taken a quick initial look at the code, and right
now, I'm planning to support interoperability with this
in cks.
- VAB
---------- Forwarded message ----------
Date: Thu, 26 Sep 2002 23:18:50 -0400
From: Yaron M. Minsky <address@hidden>
To: keyserver-list <address@hidden>
Subject: SKS: The synchronizing keyserver
I'd like to announce the release of a new keyserver, SKS. I've been
quietly working on SKS for the last few months, and it's now in a stage
where I think it's together enough to get some feedback on.
You might wonder why we need a new keyserver at all. After all, the
existing keyservers do a pretty good job, and there are some actively
developed keyservers (namely CKS) that are getting better all the time.
But SKS is meant to address one big weakness shared by all of the
existing PGP keyservers -- replication. Current keyservers rely on a
not-terribly-reliable flooding-based approach. Keys often fail to get
distributed everywhere, and the only current way to repair these
differences is to periodically exchange full database dumps.
SKS takes a very different approach to replication. Instead of using
the kind of flooding approach adopted by PKS, SKS works by directly
comparing the databases and discovering and repairing whatever
differences are found. SKS uses some newly developed algorithms for
making the comparison between databases extremely efficient. In
particular, the cost of reconciling a pair of keyservers is proportional
to the number of keys that differ between them, rather than the size of
the overall database. That means reconcilation is cheap enough to be
done often. By having hosts periodically reconcile with other randomly
selected hosts, updates are quickly "gossiped" throughout the system.
The resulting system is simple to administer, and the replication is
extremely robust.
You can also try querying one of the two publicly-reachable SKS servers.
The web pages for querying those servers are at:
http://sks.dnsalias.net/
-and-
http://sks.dnsalias.net/other_sks.html
(yes, the web pages are hosted on the same server, but the actual sks
servers that the querying is done on are in different places.)
You can get more information about SKS, including some links to papers
describing the reconciliation protocols at:
http://sks.sourceforge.net
and you can download the first release from:
http://sourceforge.net/projects/sks
Any key succesfully submitted to one keyserver should appear on the
other within about a minute.
I'd love to get some feedback from the community. And eventually, I'd
like to find a few brave souls who would be willing to run a few copies
of SKS to build a kind of proto-SKS network. SKS is still new and is
not ready for production. But I'm very committed to getting it there.
Yaron