Re: [Sks-devel] New Server


From: Kristian Fiskerstrand
Subject: Re: [Sks-devel] New Server
Date: Sat, 28 Apr 2012 16:16:06 +0200
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20120312 Thunderbird/11.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 28.04.2012 16:02, Jeffrey Johnson wrote:
> 

Hi Jeffrey,

>> FYI I've committed some changes to sks-keyservers.net in order to
>> use the reported Hostname of the SKS keyserver rather than the
>> hostname listed in any given peer list. One of the reasons for
>> this is the magnitude of aliases in use resulting in multiple
>> occurrences in the pool list.
>> 
> 
> Your remarks resemble my key servers. Can't be helped, sorry.
> 

Aliases aren't necessarily a problem, at least, after the switch to
using the reported Hostname of the SKS server. If there is enough
need, I might consider creating a proper alias table, but I'd prefer
not to have to :)

>> Anyhow, since this change, your SKS server will be out of the
>> pool until a proper FQDN (OK, technically not as there isn't a
>> trailing dot) hostname is set in the sksconf file. This is
>> currently set to "services" according to [1, 2], whereby I'd
>> expect it to read "keyserver.uberslacks.com"
>> 
> 
> Can you state the requirements for a "proper FQDN" name in the
> context of pool inclusion precisely?

In this scenario, any full hostname that is internet accessible. For
the case at hand; specifying "keyserver.uberslacks.com" rather than
"services" in sksconf [1] would be sufficient.

> 
> Just asking for information on current implementation state:
> Aliasing is a very hard problem to solve, particularly when IPv4
> <-> IPv6 aliasing is also involved.
> 

Indeed, but as long as there are enough servers in the pool to
function properly, it shouldn't cause too much trouble.

Preferably SKS operators stick to using the primary hostname of the
server for its membership file, but this should only affect the
cross-peering check in the status page. As long as the server is
accessible using the alias, it will now only read the Hostname from
the status page and use that for the listing.

Could you elaborate a bit on the IPv4 <-> IPv6 part? I fail to see why
this should add too much extra complexity (for the server operators at
least).

Speaking based on my own keyservers, the DNS entries simply list:

## keys.kfwebs.net: IPv4 && IPv6 ##
keys.kfwebs.net.        49497   IN      A       213.161.224.2
keys.kfwebs.net.        49497   IN      AAAA    2001:16d8:ee30::4

## keys2.kfwebs.net: IPv4 && IPv6 ##
keys2.kfwebs.net.       32283   IN      A       84.215.6.5
keys2.kfwebs.net.       22683   IN      AAAA    2001:16d8:ee3d:ee30:215:5dff:fe00:120d

## keys3.kfwebs.net: IPv6 only ##
keys3.kfwebs.net.       22672   IN      AAAA    2001:16d8:ee3d:ee30:215:5dff:fe00:1203

[1] http://keyserver.uberslacks.com:11371/pks/lookup?op=stats

- -- 
- ----------------------------
Kristian Fiskerstrand
http://www.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Corruptissima re publica plurimæ leges
The greater the degeneration of the republic, the more of its laws
- ----------------------------
This email was digitally signed using the OpenPGP
standard. If you want to read more about this
The book: Sending Emails - The Safe Way: An
introduction to OpenPGP security is now
available in both Amazon Kindle and Paperback
format at
http://www.amazon.com/dp/B006RSG1S4/
- ----------------------------
Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
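
The pool rule described in the message above (list a server under the Hostname its stats page reports, and leave it out until that Hostname is a full hostname), as an added example that is not part of the original message or of the sks-keyservers.net code. The stats-page row layout, the function names and the alias pgp.alias.example are assumptions made for illustration.

```python
import re
from html import unescape

# Constructed sample stats pages, keyed by the name a peer list used to reach
# each server. The "Hostname:" table row is an assumed layout, not captured output.
SAMPLE_STATS = {
    "keyserver.uberslacks.com": "<tr><td>Hostname:</td><td>services</td></tr>",
    "keys.kfwebs.net": "<tr><td>Hostname:</td><td>keys.kfwebs.net</td></tr>",
    "pgp.alias.example": "<tr><td>Hostname:</td><td>keys.kfwebs.net</td></tr>",
}

HOSTNAME_ROW = re.compile(r"Hostname:\s*</td>\s*<td[^>]*>\s*([^<\s]+)", re.I)
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def reported_hostname(stats_html):
    """Return the Hostname value from a stats page, or None if absent."""
    m = HOSTNAME_ROW.search(stats_html)
    return unescape(m.group(1)).lower() if m else None


def is_full_hostname(name):
    """Syntactic check only: two or more valid labels and a non-numeric TLD.
    Whether the name is reachable from the internet needs a separate lookup."""
    if not name or len(name) > 253:
        return False
    labels = name.rstrip(".").split(".")
    if len(labels) < 2 or labels[-1].isdigit():
        return False
    return all(LABEL.match(label) for label in labels)


def build_pool(stats_by_peer_name):
    """Key pool entries on the reported hostname so aliases collapse to one
    entry; return (pool, rejected) with the peer-list names behind each."""
    pool, rejected = {}, {}
    for peer_name, html in sorted(stats_by_peer_name.items()):
        host = reported_hostname(html)
        if is_full_hostname(host):
            pool.setdefault(host, []).append(peer_name)
        else:
            rejected[peer_name] = host
    return pool, rejected


if __name__ == "__main__":
    print(build_pool(SAMPLE_STATS))
```
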



