PGP key server

classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

PGP key server

HG-2
Hello!

A small company of 25-35 people needs to set up PGP for everybody. The
server solution that is offered by PGP corp is too expensive route, so
the individual route has been desided to take. But still some key
management or at least distribution is needed.

Question is: how should the public keys be distributed to the world?
1) Upload them all to the web-server?
2) Upload the "master" key to the web-server and then just have
everybody email their keys to 3rd parties (who can verify the keys as
they are signed with the master)?
3) Set up a own key server using SUSE obviously?
4) Just upload all the keys to some public key sever? Which?

What would you recommend?

--
HG.

--
Check the headers for your unsubscription address
For additional commands, e-mail: [hidden email]
Security-related bug reports go to [hidden email], not here

Reply | Threaded
Open this post in threaded view
|

Re: PGP key server

Kim Johansen - WebDeal AS
Hi,

I would probably upload all public keys to pgp.mit.edu, or set up a own
pgp server for internal use.

--
Best regards

Kim Johansen - WebDeal AS
Linux Systems Administrator
Teknologiveien 22 - 2815 Gjøvik - NORWAY
Phone: +47 61 13 16 50 - ICQ: 262860894
E-mail: [hidden email] - URL: www.webdealhosting.com

---------------------------------
 Affordable Enterprise Services
---------------------------------

HG wrote:

> Hello!
>
> A small company of 25-35 people needs to set up PGP for everybody. The
> server solution that is offered by PGP corp is too expensive route, so
> the individual route has been desided to take. But still some key
> management or at least distribution is needed.
>
> Question is: how should the public keys be distributed to the world?
> 1) Upload them all to the web-server?
> 2) Upload the "master" key to the web-server and then just have
> everybody email their keys to 3rd parties (who can verify the keys as
> they are signed with the master)?
> 3) Set up a own key server using SUSE obviously?
> 4) Just upload all the keys to some public key sever? Which?
>
> What would you recommend?
>


--
Check the headers for your unsubscription address
For additional commands, e-mail: [hidden email]
Security-related bug reports go to [hidden email], not here

Reply | Threaded
Open this post in threaded view
|

Re: PGP key server

Carlos E. R.-2
In reply to this post by HG-2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


The Friday 2006-09-08 at 16:45 +0300, HG wrote:

> 3) Set up a own key server using SUSE obviously?

Yes.

But I don't know how to do that.

> 4) Just upload all the keys to some public key sever? Which?

Any one, keys propagate through servers, they are interconnected.


P.S. I just had a look at "Keyserver.net <http://www.keyserver.net>" which
redirected to "veridis", which mentions it is "Powered by FileCrypt
OpenPGP KeyServer © 2005-2006 Veridis s.a.". It should be a question of
finding that software. It is not in the distro, or I didn't search for it
properly.

- --
Cheers,
       Carlos E. R.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Made with pgp4pine 1.76

iD8DBQFFAX19tTMYHG2NR9URAjA8AJ4oGjZDYmghARZQHzB+TxYLUAzgTwCfX0PT
ivmODG/wVod2scPNnEVan8Q=
=2Iwa
-----END PGP SIGNATURE-----


--
Check the headers for your unsubscription address
For additional commands, e-mail: [hidden email]
Security-related bug reports go to [hidden email], not here
Reply | Threaded
Open this post in threaded view
|

Re: PGP key server

Sebastian Uhlig - ICA
In reply to this post by HG-2
Hi,

> A small company of 25-35 people needs to set up PGP for everybody. The
> server solution that is offered by PGP corp is too expensive route, so
> the individual route has been desided to take. But still some key
> management or at least distribution is needed.
>

i haven't tested yet, but maybe ... http://www.g10code.de/


Greetings,
Sebastian

--
Mit freundlichen Grüßen, | ICA - Dr. Uhlig    | Tel.: +49 3303 503341
Sebastian Uhlig          | Brieseallee 39     | Fax:  +49 3303 503343
                         | 16547 Birkenwerder | Internet: www.ica-net.de

--
Check the headers for your unsubscription address
For additional commands, e-mail: [hidden email]
Security-related bug reports go to [hidden email], not here

Reply | Threaded
Open this post in threaded view
|

Re: PGP key server

HG-2
In reply to this post by HG-2
Hi!

On 9/8/06, Kim Johansen - WebDeal AS <[hidden email]> wrote:
> Hi,
>
> I would probably upload all public keys to pgp.mit.edu, or set up a own
> pgp server for internal use.

For internal use I do not think I need a key server, more for the
customers and 3rd parties that need to communicate using encryption.

As somebody said, there doesn't seem to be any PGP servers easily
available for SUSE. So it'll be quite a jub to get it up and running -
if I'll even find one. So, I guess the route will be the public PGP
servers.

I'm thinking of setting up one "company master key" that I'll use to
sign everybody's keys. I think I should upload that key to the key
servers. Right? Anything to consider there? The users can then either
upload their keys or not.

--
HG.

--
Check the headers for your unsubscription address
For additional commands, e-mail: [hidden email]
Security-related bug reports go to [hidden email], not here

Reply | Threaded
Open this post in threaded view
|

Re: PGP key server

Carlos E. R.-2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


The Sunday 2006-09-10 at 00:47 +0300, HG wrote:

> I'm thinking of setting up one "company master key" that I'll use to
> sign everybody's keys. I think I should upload that key to the key
> servers. Right? Anything to consider there? The users can then either
> upload their keys or not.

No, all keys must be uploaded. Otherwise, you correspondents will not be
able to check the signatures of the employees.

- --
Cheers,
       Carlos E. R.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Made with pgp4pine 1.76

iD8DBQFFA1OitTMYHG2NR9URAppNAJ9mi6Etng8p1F7H8mN7D9fgg7UlMQCfYryF
LfBURKRF1mp3cICFAFKc9nM=
=cZUp
-----END PGP SIGNATURE-----


--
Check the headers for your unsubscription address
For additional commands, e-mail: [hidden email]
Security-related bug reports go to [hidden email], not here

Reply | Threaded
Open this post in threaded view
|

Re: PGP key server

HG-2
Hi!

On 9/10/06, Carlos E. R. <[hidden email]> wrote:
> No, all keys must be uploaded. Otherwise, you correspondents will not be
> able to check the signatures of the employees.

Last thing, is pgp.mit.edu _the_ place to upload them? Or does PGP has
it's own servers?

Thanks to all who responded!

--
HG.

--
Check the headers for your unsubscription address
For additional commands, e-mail: [hidden email]
Security-related bug reports go to [hidden email], not here

Reply | Threaded
Open this post in threaded view
|

Re: PGP key server

John Andersen
On Sunday 10 September 2006 00:27, HG wrote:

> Hi!
>
> On 9/10/06, Carlos E. R. <[hidden email]> wrote:
> > No, all keys must be uploaded. Otherwise, you correspondents will not be
> > able to check the signatures of the employees.
>
> Last thing, is pgp.mit.edu _the_ place to upload them? Or does PGP has
> it's own servers?
>
> Thanks to all who responded!
This has been answered before.  All the servers talk to each
other.  Upload it anywhere and it will be available everywhere.



--
_____________________________________
John Andersen

attachment0 (196 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: PGP key server

Paul Elliott
In reply to this post by HG-2
On Sun, Sep 10, 2006 at 11:27:02AM +0300, HG wrote:
> Hi!
>
> On 9/10/06, Carlos E. R. <[hidden email]> wrote:
> >No, all keys must be uploaded. Otherwise, you correspondents will not be
> >able to check the signatures of the employees.
>
> Last thing, is pgp.mit.edu _the_ place to upload them? Or does PGP has
> it's own servers?
>

pgp keyservers are like small town gossips, they all talk to each
other, and to tell one is to tell them all.


--
Paul Elliott                       1(512)837-1096
[hidden email]                    PMB 181, 11900 Metric Blvd Suite J
http://www.io.com/~pelliott/pme/   Austin TX 78758-3117

attachment0 (196 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: PGP key server

Carlos E. R.-2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


The Sunday 2006-09-10 at 04:13 -0500, Paul Elliott wrote:

> > Last thing, is pgp.mit.edu _the_ place to upload them? Or does PGP has
> > it's own servers?
>
> pgp keyservers are like small town gossips, they all talk to each
> other, and to tell one is to tell them all.

Right. Just choose one that works fast and reliably.

- --
Cheers,
       Carlos E. R.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Made with pgp4pine 1.76

iD8DBQFFA/cZtTMYHG2NR9URAh5nAJ4gY6mKVTjzaCAsrQ5r175H1GO1XQCfVqRR
OS+qhFQSfZ00x4O9mdqssSI=
=GmWx
-----END PGP SIGNATURE-----


--
Check the headers for your unsubscription address
For additional commands, e-mail: [hidden email]
Security-related bug reports go to [hidden email], not here

Reply | Threaded
Open this post in threaded view
|

Re: PGP key server

HG-2
In reply to this post by John Andersen
Hi!

On 9/10/06, John Andersen <[hidden email]> wrote:

> On Sunday 10 September 2006 00:27, HG wrote:
> > Hi!
> >
> > On 9/10/06, Carlos E. R. <[hidden email]> wrote:
> > > No, all keys must be uploaded. Otherwise, you correspondents will not be
> > > able to check the signatures of the employees.
> >
> > Last thing, is pgp.mit.edu _the_ place to upload them? Or does PGP has
> > it's own servers?
> >
> > Thanks to all who responded!
>
> This has been answered before.  All the servers talk to each
> other.  Upload it anywhere and it will be available everywhere.

Sorry, I guess I didn't understand it the first time. Thanks to all
for explaning this though. I hope not to waste more of your time with
this.

--
HG.

--
Check the headers for your unsubscription address
For additional commands, e-mail: [hidden email]
Security-related bug reports go to [hidden email], not here