Re: [Sks-devel] IPv6 peering; keydumps annoyingly large

[John Clizbe]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Robert J. Hansen wrote:
>> So just wait and see until the last minute to clean it up when DB does
>> become a issue ?
> 
> No.  Wait for it to become any kind of a problem, and then solve it -- not
> before.
> 
> Fixing things that are not problems and are not projected to become problems
> is an inefficient use of a highly limited resource.
> 
>> Why wait ? Why can't we run a script that will at least delete keys that
>> have expired and revoked ? And then prevent such keys from being
>> re-imported back into the db ? That would be the sensible thing to do now
>> when we don't have any emergencies.
> 
> At risk of pointing out the obvious, you've just added to the keyserver
> network a way to delete keys and keep them from getting re-entered into the
> DB.
> 
> This is exactly what the keyserver network is meant to avoid.  If that's
> possible, the keyserver system will have failed.  For your idea to be
> adopted, the network must fail.  This may explain some of the pushback you're
> receiving...

The idea of subsetting keys to different servers completely breaks what makes
SKS so great - the FAST reconciliation of differences between two sets of data
(servers).

- From the Google Code page (http://code.google.com/p/sks-keyserver/ ):
> The foundation of SKS is an efficient algorithm for reconciling remote data
> sets. That algorithm is described in the following papers:
> 
>     * Set Reconciliation with Nearly Optimal Communication Complexity
>       http://ipsit.bu.edu/documents/ieee-it3-web.pdf
>     * Practical Set Reconciliation 
>       http://ipsit.bu.edu/documents/BUTR2002-01.ps

Keep in mind that the goal of reconciliation is to produce identical data sets
on each machine. You can't take that away, subset the data, and still call it 
SKS.

Why the need to wait for Blu-Ray burners? DL-DVD writers are available for <$40,
and as pointed 8GB USB sticks are under $10. Note: Whatever the choice, all the
dump files _must_ be in one directory (no splitting to two DVDs).

- -- 
John P. Clizbe                      Inet: John (a) GingerBear DAWT net
FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net  or
     mailto:address@hidden

"When life hands you melons, I think it's about time you admit to
yourself that you're dyslexic."
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12-svn5502-2010-12-23 (Windows XP)
Comment: When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
Comment: Be part of the £€37 ECHELON -- Use Strong Encryption.
Comment: It's YOUR right - for the time being.
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBCAAGBQJN5lEVAAoJECMTMVxDW9A0+AoIAIGrJPM9T+nWoI48QRVI1c1O
e01WakCyAP6fIm9lLFxSoYjtxriyhHVwpPm4rT4fQ3mrWdqBxLN7Y45HqAGjGm+0
+LrJjAt4BeWlEkOQoQY2PJ36LD+RXKfbkUqDttI9/zl5xCggpewYrVvqrLlvpGuJ
QGg1HorbjG+chNNuOPFMzuT0PB5Q8pX9IIhBz1PYlIy9qIxAheUV8swM1yu25A6W
orMzA30qOB+sOFvFiptVeE2/IYx53WVD6VcebolOLOrwWv5QXfB49b9ZBB401bLm
Ps2FW3fXHGbQfy4cfJNNwE7AVTgBJNc9JAb8DXFC9+rriNtoZm8RIM7dPmtKDVOI
XgQBEQgABgUCTeZRFQAKCRDrXhnz1laYJdBHAP4+rWb5yh1vh09EqIC/mMjVi8FS
Khw7riISDzGXDEbDDwD/QNXWYAGS8RBVOLPNUiuyolhkHi6W+yFooUVj0hC/luU=
=WpDS
-----END PGP SIGNATURE-----