ietf-openpgp

Re: key server lookup protocol?

1997-09-03 15:40:16
Rodney Thayer <rodney(_at_)sabletech(_dot_)com> writes:

> where is this documented?

History lesson: the pgp keyserver started as a perl cgi hack, which
grew into a C hack, which grew into my undergraduate thesis, and then
things got really out of control :-)

If you want docs, look at <http://www.mit.edu/people/marc/pks/> and
follow the thesis link (or the source link).  The default port number
isn't in there, but if it will make it easier for people to get holes
in their firewalls, I can document it in the FAQ, or something.

I suppose the next step is taking the relevant section from the thesis
and formatting it as an i-d.

> where is that goofy port number they use in PGP 5 documented?

It's the default in the installation.  Remember, this used to be a hack.

> Has anyone tried this with a proxy server?

I don't see why it wouldn't work, if the proxy server is configured
properly.

> This doesn't work with some firewalls.

I'm completely unable to figure out how forbidding outbound TCP to
high numbered ports enhances the security of any firewall.

"A. Padgett Peterson P.E. Information Security" <PADGETT(_at_)hobbes(_dot_)orl(_dot_)lmco(_dot_)com> writes:

> 11371 - was used by the original MIT server. Already suggested that PGP
> apply for an "assigned number" port under 1024.

Why under 1024?  This would require that unix systems run the daemon
as root, which is completely unnecessary.

"William H. Geiger III" <whgiii(_at_)amaranth(_dot_)com> writes:

> Well there is nothing formal on what port is being used. While most are
> using 11371 there are others using different ports including 80. This
> depends on the software configuration and software being used (not all
> servers are running the same software).
>
> I myself prefer having a flexible approach to the port being used by the
> server rather than having a set port. I can even see high volume servers
> using multiple ports for access (similar to what irc servers do).

My server code, at least, has a configuration file which allows the
maintainer to specify the server port.  It only supports one at a
time, but there's already multiplexing code in there, so supporting
more than one would be pretty easy.

                Marc
