[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] 2 out of 10 pool.sks-keyservers.net not responding to pi
From: |
Jonathan Wiltshire |
Subject: |
Re: [Sks-devel] 2 out of 10 pool.sks-keyservers.net not responding to pings |
Date: |
Mon, 29 Nov 2010 22:02:28 +0000 |
User-agent: |
Mutt/1.5.20 (2009-06-14) |
On Mon, Nov 29, 2010 at 03:55:17PM -0500, Daniel Kahn Gillmor wrote:
> From where i sit, 2 out of 10 of the servers returned by
> pool.sks-keyservers.net are not responding to ICMP echo requests (pings):
>
> 193.174.13.74 (pgpkeys.pca.dfn.de)
> 94.46.216.2 (sks.5coluna.com)
>
> Given that the machines do respond to http requests, i wonder why they
> don't respond to ICMP echo requests. enabling ICMP echo responses on
> these hosts would make for much simpler network diagnostics.
Hmm. A number of sites, my workplace included, block ICMP packets as a
matter of course. Ping isn't really a reliable test of a functioning SKS
server anyhow, it just means the box is up. I'd rather see a test checking
that a host responds to the SKS request port; that seems much more robust.
> Is there a general consensus that keyservers in the well-connected pool
> should (or should not) provide ICMP echo responses?
>
> I'd like to suggest that they should, but i'd be interested in hearing
> arguments to the contrary as well.
It may not be in the power of the server admin, and even if it is I don't
think it's our place to impose conditions of this nature. The server admin
is probably ignoring ICMP for a reason, misguided or not, and the core
functionality of SKS doesn't rely on ICMP echo requests so it's not really
any of our business.
--
Jonathan Wiltshire
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
signature.asc
Description: Digital signature