
comparing WOTs

author Henk P. Penning
date Tue Oct 12 22:31:29 CEST 2004
regards the strong set in the PGP web of trust


Recently I have tried to extract the strong set from the PGP key server at pki.surfnet.nl. This keyserver is very fast and up-to-date.

I have compared this set with the wotsap data, computed by Jörgen Cederlöf.

For details see a list of differences (current version); a summary is given near the end of the file.

A summary of the differences is:

  total in scc 25169
  only  in scc 1296
  bad   in scc 0

  total in wot 27542
  only  in wot 3669
  bad   in wot 1872 - revoked (28), expired (1836), invalid (8)
Here scc indicates my stuff, and wot indicates wotsap stuff;
bad means revoked, expired or invalid, as indicated by a gpg '--with-colons' listing.

A stab at an explanation:


Starting with some key known to be in the strong set, I used gpg to extract keys from the keyserver, using only one keyring. Because gpg writes the keyring after every import, file IO became unbearably slow.

I decided to use 256 keyrings, one for every 2 character key prefix. That worked well except that, after a while, some keyrings got corrupted. The corrupting keys appeared to be expired or revoked, so I decided to drop the 'bad keys'.

Now, refreshing the 50.000+ reachable keys takes less than an hour.
After the refresh, retrieving new keys, and deleting bad keys takes only minutes.
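
The 'bad key' test and the 256-way keyring split described above, as an added example (not the author's code): it reads a gpg '--with-colons' listing, treats the validity letters r, e and i in field 2 of 'pub' records as revoked, expired and invalid, and groups the remaining keys by the first two hex characters of the key ID. The sample listing is constructed, and the reading of 'key prefix' as key ID prefix and the keyring file names are assumptions.

```python
from collections import Counter, defaultdict

# Field 2 (validity) letters of a "pub" record that the page counts as bad.
BAD = {"r": "revoked", "e": "expired", "i": "invalid"}

# Constructed sample listing; key IDs, dates and user IDs are made up.
SAMPLE = """\
tru::1:1097612000:0:3:1:5
pub:f:1024:17:A1B2C3D4E5F60718:2001-03-04:::-:Alice Example <alice@example.org>::scESC:
sub:f:2048:16:1122334455667788:2001-03-04::::::e:
pub:e:1024:17:A1FFEE0011223344:1999-01-01:2003-01-01::-:Bob Example <bob@example.org>::sc:
pub:r:1024:17:0C0FFEE012345678:2000-06-15:::-:Carol Example <carol@example.org>::sc:
pub:i:1024:1:7E57AB1E00000001:1998-02-02:::-:Dave Example <dave@example.org>::sc:
pub:-:1024:17:0C99887766554433:2002-09-09:::-:Erin Example <erin@example.org>::scESC:
"""

def classify(listing):
    """Split primary keys into good (grouped by 2-char prefix) and bad."""
    good, bad = defaultdict(list), {}
    for line in listing.splitlines():
        fields = line.split(":")
        if len(fields) < 5 or fields[0] != "pub":
            continue  # skip tru, sub, uid, sig and malformed lines
        keyid = fields[4].upper()
        reason = BAD.get(fields[1][:1])
        if reason:
            bad[keyid] = reason  # dropped, as the page does with bad keys
        else:
            good[keyid[:2]].append(keyid)
    return dict(good), bad

def keyring_for(keyid):
    """Hypothetical file name for the keyring holding this key."""
    return "strong-%s.gpg" % keyid[:2].upper()

def summary(bad):
    """Count bad keys per reason, like the 'bad in wot' line on the page."""
    return Counter(bad.values())

if __name__ == "__main__":
    good, bad = classify(SAMPLE)
    print("keyrings:", {keyring_for(ids[0]): ids for ids in good.values()})
    print("dropped:", dict(summary(bad)))
```

Note that the subkey record ends in a capability letter 'e', which is why the check is restricted to field 2 of 'pub' records rather than matching letters anywhere on the line.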