Re: [Sks-devel] simple DoS against SKS's HKP interface :/


From: Daniel Kahn Gillmor
Subject: Re: [Sks-devel] simple DoS against SKS's HKP interface :/
Date: Mon, 19 Mar 2012 13:24:00 -0400
User-agent: Mozilla/5.0 (X11; Linux i686; rv:9.0) Gecko/20120125 Icedove/9.0.1

On 03/19/2012 07:38 AM, Kristian Fiskerstrand wrote:
> On 19.03.2012 02:25, Daniel Kahn Gillmor wrote:
>> So my nginx configuration stanzas are:
>
> Thank you for the recommendation and the configuration example.
> keys.kfwebs.net should be running a similar setup now on both IPv4 and
> IPv6.

Thanks for doing that, Kristian!

Have you given any thought to my recommendation for pool operators?

Any round-robin pools that have "high-availability" among their goals
should probably limit themselves to SKS installations using a similar
HTTP reverse proxy.

A simple test might be to retrieve the Server: header from the HTTP
response to a GET http://$keyserver/ -- if Server: contains sks_www,
it's probably not a reverse proxy.  keys.mayfirst.org shows Server:
nginx now.  Any other suggested mechanisms to detect this?

If there was an ha-pool.sks-keyservers.net, i would be very happy to use it instead of pool.sks-keyservers.net. Or should pool.sks-keyservers.net do that high-availability filtering directly?

        --dkg
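
The Server: header test described in the message above, sketched as a pool-membership filter. This is an added example, not part of the original message or of any pool operator's code; the host names, version string, sample response heads, function names and the default port of 80 are assumptions made for illustration.

```python
import http.client
from email.parser import Parser

# Constructed response heads for illustration; hosts and version strings are made up.
SAMPLES = {
    "ks1.example.org": "HTTP/1.0 200 OK\r\nServer: sks_www/1.1.2\r\nContent-type: text/html\r\n\r\n",
    "ks2.example.org": "HTTP/1.1 200 OK\r\nserver: nginx\r\nContent-Type: text/html\r\n\r\n",
    "ks3.example.org": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
}

def server_header(raw_head):
    """Return the Server value from a raw HTTP response head, or None if absent."""
    # Drop the status line; what remains parses as RFC 822-style headers,
    # and header-name lookup is case-insensitive.
    _, _, header_block = raw_head.partition("\r\n")
    return Parser().parsestr(header_block, headersonly=True).get("Server")

def classify(server):
    """Heuristic from the message: sks_www in Server means SKS answers directly."""
    if server is None:
        return "unknown"       # no header: the test cannot decide either way
    if "sks_www" in server.lower():
        return "direct-sks"    # probably not behind a reverse proxy
    return "proxied"           # only "probably": the header is self-reported

def ha_pool(heads):
    """Hosts whose response head suggests an HTTP reverse proxy in front of SKS."""
    return sorted(h for h, raw in heads.items()
                  if classify(server_header(raw)) == "proxied")

def fetch_server_header(host, port=80, timeout=10):
    """Live variant of the check: GET / and return the Server header."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/")
        return conn.getresponse().getheader("Server")
    finally:
        conn.close()

if __name__ == "__main__":
    for host, raw in SAMPLES.items():
        print(host, classify(server_header(raw)))
    print("ha-pool candidates:", ha_pool(SAMPLES))
```

Hosts classified "unknown" are left out of the candidate list here; whether to include them is a policy choice for the pool operator.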

