Overview of the pools

The servers that are included in the pool responded during the last update, are updated to the required minimum version of the software and is synching with the rest of the network to update the keys and only includes servers running a reverse proxy rather than exposing sks directly to the clients.

hkp defaults to port 11371, and the same pool can be accessed using e.g. http://pool.sks-keyservers.net:11371

pool.sks-keyservers.net

The primary pool. This includes both A (ipv4) and AAAA (ipv6) records based on a random selection of included servers

eu.pool.sks-keyservers.net

European pool. This includes A (ipv4), AAAA (ipv6) and SRV records based on the performance timing expressed in the SRV weights.

Service (SRV) Records

The pools _pgpkey-http._tcp.eu.pool.sks-keyservers.net contains DNS Service (SRV) records with weights as found in the status list. For a description of how the weights are calculated, please see this PDF document

na.pool.sks-keyservers.net

North american pool. This includes A (ipv4), AAAA (ipv6) and SRV records based on the performance timing expressed in the SRV weights.

Service (SRV) Records

The pools _pgpkey-http._tcp.na.pool.sks-keyservers.net contains DNS Service (SRV) records with weights as found in the status list. For a description of how the weights are calculated, please see this PDF document

oc.pool.sks-keyservers.net

Preliminary Oceania pool. Note, this pool currently does not have enough measuring clients to be considered stable. This includes A (ipv4), AAAA (ipv6) and SRV records based on the performance timing expressed in the SRV weights.

Service (SRV) Records

The pools _pgpkey-http._tcp.oc.pool.sks-keyservers.net contains DNS Service (SRV) records with weights as found in the status list. For a description of how the weights are calculated, please see this PDF document

ipv6.pool.sks-keyservers.net

IPv6 enabled servers are included with AAAA records in the main pool, and an IPv6-only pool is available at ipv6.pool.sks-keyservers.net

ipv4.pool.sks-keyservers.net

Similarily an IPv4 only pool is available at ipv4.pool.sks-keyservers.net if anyone for some reason (broken IPv6) should have difficulties

subset.pool.sks-keyservers.net

This is a subset of the pool: At the moment it only includes servers updated to version 1.1.6. This pool support Elliptic Curve public keys as described in RFC6637 and those based on Curve25519 (Both Ed25519/eddsa and for encryption)

ha.pool.sks-keyservers.net

This is a high-availibility subset of the pool that require all servers to be identified as a clustered setup (marked with blue indicator for reverse proxy in the status pages)

p80.pool.sks-keyservers.net

This is a pool containing only servers available on port 80 (needs to be used as hkp://p80.pool.sks-keyservers.net:80)

hkps.pool.sks-keyservers.net

This is a pool containing only servers available using hkps. Regular A and AAAA and SRV records are included for port 443 servers, and a lookup is performed for _pgpkey-https._tcp on the individual servers to determine if a hkps enabled service is listening on another port. At this point, however, servers not running on port 443 are not included.

This pool only include servers that have been certified by the sks-keyservers.net CA, of which the certificate can be found at https://sks-keyservers.net/sks-keyservers.netCA.pem [OpenPGP signature] [CRL].

For GnuPG 1.4 and 2.0 installations this can be used by using the following parameters in gpg.conf:

~/.gnupg/gpg.conf:
  keyserver hkps://hkps.pool.sks-keyservers.net
  keyserver-options ca-cert-file=/path/to/CA/sks-keyservers.netCA.pem

GnuPG 2.1 users prior to version 2.1.11 (starting with this version the certificate is enabled by default for this pool) want to add the following in dirmngr.conf:

~/.gnupg/dirmngr.conf:
   hkp-cacert /path/to/CA/sks-keyservers.netCA.pem

Keyserver operators wanting to be included in this pool will have to send an OpenPGP signed message containing a CSR to a UserID of 0x94CBAFDD30345109561835AA0B7F8B60E3EDFAE3.

Tor hidden service

An experimental Tor OnionBalance hidden service is running as hkp://jirk5u4osbsr34t5.onion consisting of the servers marked with Tor support in the status list as backend.

This site is developed and hosted by KF (Kristian Fiskerstrand) Webs