This website is also available using HTTPS (TLS), with a Thawte signed certificate that can also be validated through OpenPGP using Monkeysphere. [Read more]

Overview of the pools

The servers that are included in the pool responded during the last update, are updated to the required minimum version of the software and is synching with the rest of the network to update the keys and only includes servers running a reverse proxy rather than exposing sks directly to the clients.

hkp defaults to port 11371, and the same pool can be accessed using e.g. http://pool.sks-keyservers.net:11371

pool.sks-keyservers.net

The primary pool. This includes both A (ipv4) and AAAA (ipv6) records based on a random selection of included servers

eu.pool.sks-keyservers.net

European pool. This includes A (ipv4), AAAA (ipv6) and SRV records based on the performance timing expressed in the SRV weights.

Service (SRV) Records

The pools _pgpkey-http._tcp.eu.pool.sks-keyservers.net contains DNS Service (SRV) records with weights as found in the status list. For a description of how the weights are calculated, please see this PDF document

na.pool.sks-keyservers.net

North american pool. This includes A (ipv4), AAAA (ipv6) and SRV records based on the performance timing expressed in the SRV weights.

Service (SRV) Records

The pools _pgpkey-http._tcp.na.pool.sks-keyservers.net contains DNS Service (SRV) records with weights as found in the status list. For a description of how the weights are calculated, please see this PDF document

oc.pool.sks-keyservers.net

Preliminary Oceania pool. Note, this pool currently does not have enough measuring clients to be considered stable. This includes A (ipv4), AAAA (ipv6) and SRV records based on the performance timing expressed in the SRV weights.

Service (SRV) Records

The pools _pgpkey-http._tcp.oc.pool.sks-keyservers.net contains DNS Service (SRV) records with weights as found in the status list. For a description of how the weights are calculated, please see this PDF document

ipv6.pool.sks-keyservers.net

IPv6 enabled servers are included with AAAA records in the main pool, and an IPv6-only pool is available at ipv6.pool.sks-keyservers.net

ipv4.pool.sks-keyservers.net

Similarily an IPv4 only pool is available at ipv4.pool.sks-keyservers.net if anyone for some reason (broken IPv6) should have difficulties

subset.pool.sks-keyservers.net

This is a subset of the pool: At the moment it only includes servers updated to version 1.1.4. This pool support Elliptic Curve public keys as described in RFC6637

ha.pool.sks-keyservers.net

This is a high-availibility subset of the pool. As the main pool require all servers to be behind a reverse proxy, this subpool doesn't currently provide any additional functionality. The HA name is reserved for future use related to clustered servers (currently marked with blue indicator for reverse proxy in the status pages)

p80.pool.sks-keyservers.net

This is a pool containing only servers available on port 80 (needs to be used as hkp://p80.pool.sks-keyservers.net:80)

hkps.pool.sks-keyservers.net

This is a pool containing only servers available using hkps. Regular A and AAAA and SRV records are included for port 443 servers, and a lookup is performed for _pgpkey-https._tcp on the individual servers to determine if a hkps enabled service is listening on another port, in which case this is included as a SRV record.

This pool only include servers that have been certified by the sks-keyservers.net CA, of which the certificate can be found at https://sks-keyservers.net/sks-keyservers.netCA.pem[OpenPGP signature]. This can be used by using the following parameters in gpg.conf:

~/.gnupg/gpg.conf:
  keyserver hkps://hkps.pool.sks-keyservers.net
  keyserver-options ca-cert-file=/path/to/CA/sks-keyservers.netCA.pem

Keyserver operators wanting to be included in this pool will have to send an OpenPGP signed message containing a CSR to a UserID of 0x0B7F8B60E3EDFAE3.

This site is developed and hosted by KF (Kristian Fiskerstrand) Webs