From: Daniel Kahn Gillmor
Subject: Re: [Sks-devel] reverse proxies and the pool
Date: Mon, 28 Oct 2013 15:38:11 -0400
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Icedove/24.0
On 10/28/2013 03:25 PM, Gabor Kiss wrote:
> 1 vote against it. (Sorry if I seem to be ungrateful. :)
can you explain more why?
>> Ideally, if network traffic should increase, it could be interesting to set up a new subpool (to replace the current HA - High Availability pool) that only includes load-balanced setups with multiple SKS servers behind a single reverse proxy. What are your thoughts about such a move?
> I already explicated that the main vulnerability of key servers is not a temporary network overload at socket level. Guys at No Such Agency once decide to flood the servers with one hundred million fake keys with ardent help of several governments of Near, Middle and Far East.
I share your concerns (though maybe without such geographic specificity), but i'm not sure how they're relevant to the question being asked.
Is it an argument against restricting pool.sks-keyservers.net to reverse-proxied servers? Or an argument against creating a new high-availability subpool of servers that actually run their own internally load-balanced setups?
I'm not sure how this argument works in either context. What specific threat is mitigated by leaving servers that are trivially-DoSable in the default pool?
--dkg