From: Ryan Hunt
Subject: Re: Lying about Hockeypuck being SKS?
Date: Mon, 22 Mar 2021 16:02:44 -0600
I concur with the rest of the sentiment; I think it's time to start accepting HP as a replacement for SKS. If the sks-pool will not recognize the value of HP servers, I suppose our only recourse is to fake it for the time being. However, I'd like to see some efforts made towards:

- Rolling our SKS hacks back upstream with HP. Initially this seems stupid, but HP has already put in efforts to maintain compatibility with SKS peers. I think a transitional SKS emulation mode that is easy to implement and maintain upstream is worthwhile, especially if we can come up with a plan to deprecate this nonsense down the road and it's just to get us through the near future.
- Continued pressure to extend the sks-keyserver pools to include HP out of the box; this is the only way we're going to save it. In its current state it's already being mass purged from the clients. Lying to the pool to save the pool seems totally defeating.
- If it becomes clear the sks-keyserver pool is never going to accept patches, contributions, whatever it takes to get HP servers included, then it's time to declare it dead. We can't plan on lying to it until the end of time; SKS operators are dropping off like flies, and those that are sticking around struggle to maintain service.
- Start a new pool service, designed to be extensible, and start asking the few clients remaining on the sks-pool to start migrating off. Technology stacks have changed quite a bit over the years, and this may be less effort than it seems, with standard libraries to interact with cloud DNS services pretty widespread. HP stats can be machine readable w/JSON, and we've got the opportunity to extend HP specifically to make joining pools more robust, trusted, and less fragile, since I think there are far more of us here capable of contributing GoLang over OCaml upstream.

I'm thinking of something like a dedicated machine-readable status/health API endpoint that the server can sign with its own key, so the pool provider can verify it's the server it claims to be, and make accommodations for blacklisted/removed keys, max key sizes, etc., accounting for variations in key counts. TBH I think creating our own pool is likely our best option going forward; yeah, it'll take some time (i.e. years) before distros and the various PGP clients come back, but most of 'em that I used personally that came out of the box w/the SKS pool no longer do, so I think the damage has long been done. I've been playing with the Cloudflare DNS APIs of recent and they seem like they would be well suited to hosting us a Hockeypuck pool, and Cloudflare has such a favorable stance on internet protection/security that I would be astonished if they pulled the plug on a free account doing keyserver pooling; it's more likely they'd be willing to donate some premium features to the cause than anything, if needed.

Best Regards,
-Ryan Hunt
signature.asc
Description: Message signed with OpenPGP
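The signed status/health endpoint sketched in the message above, written out as an added Go example. This is not Hockeypuck's code and not the author's design as implemented; it is an illustration of the idea. Assumptions: Ed25519 stands in for the server's own OpenPGP key so the example stays within the standard library; the `Status` field names, the hostname `keys.example.org`, the key counts and the 2% tolerance are all constructed for the example and are not Hockeypuck's real stats schema or any pool's actual policy.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"math"
	"time"
)

// Status is the hypothetical machine-readable health record a pool member
// would publish. Field names are assumptions for this example, not
// Hockeypuck's real stats schema.
type Status struct {
	Hostname  string    `json:"hostname"`
	Software  string    `json:"software"`
	Version   string    `json:"version"`
	NumKeys   int64     `json:"num_keys"`
	Peers     int       `json:"peers"`
	Timestamp time.Time `json:"timestamp"`
}

// SignedStatus is what the endpoint would return: the encoded Status bytes
// and a signature over exactly those bytes. Shipping the signed bytes
// verbatim sidesteps JSON canonicalisation problems on the verifier side.
type SignedStatus struct {
	Payload   []byte `json:"payload"`
	Signature []byte `json:"signature"`
}

// SignStatus encodes s and signs it with the server's key. Ed25519 is used
// here in place of the server's OpenPGP key purely to keep the example
// self-contained (assumption, not the proposal's choice of key type).
func SignStatus(priv ed25519.PrivateKey, s Status) (SignedStatus, error) {
	payload, err := json.Marshal(s)
	if err != nil {
		return SignedStatus{}, err
	}
	return SignedStatus{Payload: payload, Signature: ed25519.Sign(priv, payload)}, nil
}

// VerifyStatus is the pool operator's side: check the signature against the
// key registered for expectedHost, then reject payloads that name a different
// host (a server replaying another member's record) or that are stale
// (a cached record can hide a server that has since broken).
func VerifyStatus(pub ed25519.PublicKey, ss SignedStatus, expectedHost string, now time.Time, maxAge time.Duration) (Status, error) {
	if !ed25519.Verify(pub, ss.Payload, ss.Signature) {
		return Status{}, errors.New("bad signature on status payload")
	}
	var s Status
	if err := json.Unmarshal(ss.Payload, &s); err != nil {
		return Status{}, err
	}
	if s.Hostname != expectedHost {
		return Status{}, fmt.Errorf("payload names %q, expected %q", s.Hostname, expectedHost)
	}
	age := now.Sub(s.Timestamp)
	if age < 0 || age > maxAge {
		return Status{}, fmt.Errorf("status timestamp %s is outside the accepted window", s.Timestamp)
	}
	return s, nil
}

// PoolEligible applies the "variations in key counts" accommodation: rather
// than requiring an exact match with the pool, accept a member whose key count
// is within tolerance (a fraction, e.g. 0.02 for 2%) of the pool's reference
// value, so differing blacklists or max key sizes do not eject a healthy peer.
func PoolEligible(s Status, referenceKeys int64, tolerance float64) bool {
	if referenceKeys <= 0 {
		return false
	}
	diff := math.Abs(float64(s.NumKeys-referenceKeys)) / float64(referenceKeys)
	return diff <= tolerance
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	now := time.Now().UTC()
	// Constructed sample record for a hypothetical pool member.
	s := Status{Hostname: "keys.example.org", Software: "hockeypuck", Version: "2.1.0",
		NumKeys: 6000000, Peers: 3, Timestamp: now}
	ss, err := SignStatus(priv, s)
	if err != nil {
		panic(err)
	}
	got, err := VerifyStatus(pub, ss, "keys.example.org", now, 10*time.Minute)
	if err != nil {
		panic(err)
	}
	fmt.Printf("verified %s: %d keys, eligible=%v\n", got.Hostname, got.NumKeys, PoolEligible(got, 6100000, 0.02))
}
```

The pool operator binds the verification key to the hostname when a server joins, so the hostname check is what stops one operator from re-serving another member's signed record under their own name; the freshness window does the same for replay of an old, healthy-looking record.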