author Henk P. Penning date Tue Oct 12 22:31:29 CEST 2004 regards the strong set in the PGP web of trust
Recently I have tried to extract the strong set from the PGP key server at pki.surfnet.nl. This keyserver is very fast and up-to-date.
I have compared this set with the wotsap data, computed by Jörgen Cederlöf.
For details see a list of differences (current version) ; a summary is given near the end of the file.
A summary of the differences is:total in scc 25169 only in scc 1296 bad in scc 0 total in wot 27542 only in wot 3669 bad in wot 1872 - revoked (28), expired (1836), invalid (8)Here scc indicates my stuff, and wot indicates wotsap stuff ;
bad means revoked, expired or invalid, as indicated by a gpg '--with-colons' listing.
A stab at an explanation:
- 1296 keys are not wotsap, possibly because they are not in the key dump.
For example, look at the first key listed as only in scc in the difference list: key 9AB40963. Note that this key is cross-signed with key F095E5E4 which is in the strong set, according to the wotsap report ; So 9AB40963 must be in the strong set too. Key 9AB40963 isn't on www.tik.ee.ethz.ch.
- 3669 keys are not in scc, mainly because I discard expired keys ; There are 1836 of those in wotsap. The remaining 1833 keys missing in scc could well be connected to the wot by these missing, expired keys.
Starting with some key known to be in the strong set, I used gpg to extract keys from the keyserver, using only one keyring. Because gpg writes the the keyring after every import, file IO became unbearably slow.
I decided to use 256 keyrings, one for every 2 character key prefix. That worked well except that, after a while, some keyrings got corrupted. The corrupting keys appeared to be expired or revoked, so I decided to drop the 'bad keys'.
Now, refreshing the 50.000+ reachable keys takes less than an hour.
After the refresh, retrieving new keys, and deleting bad keys takes only minutes.