[Sent from my iPad. As it is not a secured device, there are no cryptographic keys on this device, meaning this message is sent without an OpenPGP signature. In general you should *not* rely on any information sent over such an unsecure channel. If you find any information controversial or unexpected, send a response and request a signed confirmation.]
The systems I'm routinely seeing making bursts of queries seem to be ordinary endpoints with dynamic IP addresses. They're not Tor exit nodes, and essentially 100% of the queries they make result in a 404 response -- it doesn't seem like someone refreshing a keyring with keys that are known to exist. They're all using the same user-agent too.
Googling the user agent, [OkHttp] seems to be a client library for Android. The first thing that strikes me with large refreshes without matching keys is either a separate set of keys not shared on the public network (it was one of those that leaked that caused 7,000 new keyblocks in a day or so, historically at least), or, if tied to cellphones, maybe manual/QR exchanges without keyserver use. But that is just observations based on historical events (and ultimately likely less relevant to how we should set up the network to cope).