Re: [Sks-devel] peering broken for keyservers using reverse-proxies?
From: Ryan
Subject: Re: [Sks-devel] peering broken for keyservers using reverse-proxies?
Date: Thu, 5 Apr 2012 16:10:24 -0600

Yeah, when peers connect to the recon port the server tells it what port it needs
to use to fetch the missing keys.
While this wouldn't address the DoS attack, my motivation was for high
availability via HAProxy; with some simple filtering/firewall rules you could
limit exposure to just your peers.
-Ryan
On Apr 5, 2012, at 3:32 PM, Daniel Kahn Gillmor wrote:
> This is an interesting approach -- it sounds like you're saying that sks
> will tell its peers what port it is listening on? However, that means
> that the 21371 public port is now subject to the same DoS attack that
> the reverse proxy is intended to fix.