Abstract
In the Internet, securing email has always been an important issue. Various standards and products have been created. One of the most successful standards is OpenPGP [4], which uses public key cryptography (RSA [13] and others) and is implemented in systems like Pretty Good Privacy [15], GNU Privacy Guard [8], Hushmail [1] and others. A well-known difficulty with the use of public key cryptographic systems is the verification and distribution of the public keys. OpenPGP solves the problem of verifying the authenticity of a public key by having users certify each others keys, building a "Web of Trust" [5] by bundling these key certificates with each users public key. Therefore, adding a new public key and updating an existing public key (or replacing it by a new version) are the two most important operations of any PGP public key repository. To allow easy distribution of PGP public keys, the OpenPGP community established a network of open access public keyservers [7], allowing users of OpenPGP software to freely exchange public keys. The nodes of this keyserver network synchronise their database by exchanging new public keys and key updates amongst each other, virtually building one global key database. At the moment, this synchronisation is done with an inefficient and ineffective email based protocol. This paper describes the implementation of an alternative protocol - KX - on the popular pksd keyserver [6], based on direct TCP connections between the keyservers and unambiguous identifiers for every key update or new key. With the dropping of the dependency on a working mail system and the improved fault mechanisms, KX is a lightweight alternative in terms of used network, disk and CPU resources.