Re: [Sks-devel] The pool is shrinking

[Philihp Busby]

Most of the keyservers support HKPS if you point to them directly...

hkps://keyserver.mattrude.com
hkps://zuul.rediris.es
hkps://pgpkeys.urown.net
hkps://pgp.philihp.com

I, for one, have also been doing what you did Todd, and switched my systems 
over to my own keyserver, because:

(A) I know for a fact I am not logging key requests, but there is no way for 
one to know this unless they operate their own keyserver.
(B) I choose trust standard root CAs, which are known to be well-audited, and 
can get a free cert through LetsEncrypt
(C) Even if I could get a cert with Kristian's self-signed CA, I have no 
assurance that it hasn't been compromised.

That said, I will honestly soon switch over to hkps://keys.openpgp.org because 
I believe people should have a right to request their identity be removed from 
the network.

On 2019-06-21T12:22:57Z, Todd Fleisher wrote:
> > On Jun 21, 2019, at 8:00 AM, Skip Carter <address@hidden> wrote:
> >
> > Signed PGP part
> > As a newcomer to the pool, I have to agree.
> > There are several impediments to becoming a keyserver that just
> > shouldn't be and the need for daily poking at it is just one of those
> > things.  There were several times where I was just ready to give up on
> > it.
>
> FWIW - in my experience, once you get things setup & dialed-in there is no need 
> for daily poking at it. My load balanced pools have been running for months with 
> only the occasional intervention required by me.
>
> > On Jun 21, 2019, at 6:21 AM, Hendrik Visage <address@hidden> wrote:
> >
> > The word “cluster” there is the “problem” for hobby setups: we now have to 
> > source at least 2x 8GB RAM VMs, where the previous single 2-4GB VMs were 
> > sufficient to keep going
>
> I can understand the frustration, but things change and in the current state of 
> the SKS network more resources are required. I’d also say the idea of this 
> being a “hobby” is in direct opposition to this being a public, production 
> service that people rely on which IMO would always dictate at least 3 nodes for 
> redundancy.
>
> > On Jun 21, 2019, at 12:33 AM, Kristian Fiskerstrand <address@hidden> wrote:
> >
> > No, issuing certificates to servers not being able to keep up doesn't
> > improve the experience from anyone (the number of complaints I get from
> > users has dropped significantly). And its not really a strict
> > requirement, one can set up VMs / chroots for it on a relatively small
> > server.
>
> This could mean that people are having less issues with the HKPS pool, but it’s 
> also possible there are other reasons for a decrease in complaints. Personally, I 
> switched my systems (and the systems of users I support) away from using the HKPS 
> pool in favor of using my server(s) due to the ongoing complaints about 
> intermittent availability & performance issues in the HKPS pool. That’s not 
> meant as a dig on your approach, just letting you know my experience. On the 
> contrary, I found you to be quite responsive last September when I reported a major 
> issue with 2/3 of the servers in the HKPS pool generating 502 errors.
>
> -T



> _______________________________________________
> Sks-devel mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc
Description: PGP signature