[Sks-devel] Re: problems with SKS 1.0.10 when searching by key ID from G

sks-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Sks-devel] Re: problems with SKS 1.0.10 when searching by key ID from G

From:	Kristian Fiskerstrand
Subject:	[Sks-devel] Re: problems with SKS 1.0.10 when searching by key ID from GnuPG
Date:	Tue, 24 Mar 2009 16:39:02 +0100
User-agent:	Thunderbird 2.0.0.12 (X11/20080305)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Daniel Kahn Gillmor wrote, On 03/23/2009 09:17 PM:
> On 03/23/2009 04:02 PM, David Shaw wrote:
>> On Sun, Mar 22, 2009 at 07:41:50PM -0400, Daniel Kahn Gillmor wrote:
>>> has any thought been
>>> given to requiring members of the keyserver pools to not run that
>>> version of SKS?  keys.gnupg.net itself contains several keyservers
>>> running 1.0.10, which misbehave in response to standard gpg searches by
>>> keyid.
>> None that I know of.  Eventually, such a thing will be necessary, but
>> it would have to be done via whoever controls the particular keyserver
>> round-robin.
> 
> Kristian Fiskerstrand, i believe you're controlling
> pool.sks-keyservers.net -- do you have any plans to reject members
> running known-buggy versions?

It is correct that I run the keyserver pool, but no, I don't have any
current plans for doing so.. mainly because it hasn't been much of an
issue before..

But I'm always open for suggestions. As for now I already have blacklist
on aliases/ips, but there is an RFE to block certain versions?

> Those of you who run keyserver pools: what software do you run to manage
> the DNS?  Does it have the ability to reject by reported version?

Its a set of PHP and bash scripts updating mine at least, and yes, I
would have the ability to block by version.

For now I created subset.pool.sks-keyservers.net which should include
only keys that are reporting version to be 1.1.0 , so please test this out.

- --
- ----------------------------
Kristian Fiskerstrand
http://www.kfwebs.net
- ----------------------------
Divide et impera
Divide and govern
- ----------------------------
http://www.secure-my-email.com
http://www.secure-my-internet.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (GNU/Linux)

iQIcBAEBCAAGBQJJyP6WAAoJEBbgz41rC5UIs/kP/iBx5LQ1Ck17UA03g5qOjccZ
2yCDfVifa3I2ysb8gcUTCIQh8/k4hGTjRzhB/EEbnBtMad8IrhjjYgHIFeXQmBnb
Hj1ojTe5DD8sBRAO5igu6gxJd1iEyOTWOrt6YuRdq3CunoSx4bXrDGEk9KqwSfAq
iC1arHYXFg4YJtSZKk2JeJJAN7biIAwQftDeZALeJ8RqoHVP9+tLx4/lmuGvH3ts
R0bla0/ULuNlcA3St+7kJZGkqfS69yrZd08JC0WL86iWJdOJIMdJ/zIoLXMnHZu6
+6aTpFhdWakLY7S2UDVhWeIK4fiN7XX/d3FGb9UBX8XWck22ijStK82tGYtzUx1P
PvhNG+rPGzLvJ9KWQLLA/AFjyF1lBlq7Q4gAqhbZnT1g+aiswC3yKaq+tzdhus38
MqZ7uC/hLtxsVstnIQhjSwVBh6xEf7Sgi6E6nPmdjs4Yb3gIHiHRjvpLQOEhCnXQ
uUZegarMZYeZifp/MdvFQo+b6cU4cd3qMSV/1ZslibiHFl0qjk6MzhHCesLF96eK
zR/HAbgtFcG7YKio2OMWRrNzRQiJiFyLmnY4x4C2QhJyCY1kRV8XVBRY8D8/nr3+
6+lcGx9cG3D81a2V5yaljty5DpI9V5fDw9npIkQ3hPPlwzJVJUpdXl+BO+exx76T
gGDaAuyUi/vDGdDX0l1K
=evFD
-----END PGP SIGNATURE-----

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Sks-devel] problems with SKS 1.0.10 when searching by key ID from GnuPG, (continued)

Prev by Date: Re: [Sks-devel] problems with SKS 1.0.10 when searching by key ID from GnuPG
Next by Date: Re: [Sks-devel] Re: problems with SKS 1.0.10 when searching by key ID from GnuPG
Previous by thread: Re: [Sks-devel] problems with SKS 1.0.10 when searching by key ID from GnuPG
Next by thread: Re: [Sks-devel] Re: problems with SKS 1.0.10 when searching by key ID from GnuPG
Index(es):
- Date
- Thread