
Re: [Sks-devel] [GnuPG-users] sks-keyservers.net: Changes to pools / SRV


From: Kristian Fiskerstrand
Subject: Re: [Sks-devel] [GnuPG-users] sks-keyservers.net: Changes to pools / SRV Weights
Date: Sun, 13 May 2012 22:54:43 +0200
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20120312 Thunderbird/11.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 2012-05-13 22:38, Phil Pennock wrote:
> On 2012-05-13 at 16:33 -0400, Phil Pennock wrote:
>> When I do reclaim the IPv4, I'll probably split sks/sks-peer to
>> two different IPv6 addresses and set up appropriate
>> packet-filtering on the v6 address, so that peering can remain up
>> even in the face of DoS against the service address, provided my
>> link doesn't saturate.
> 
> Oh, the reason I didn't do this originally was because the
> keyserver pool was using the hostname from the peering mesh, so 
> sks-peer.spodhuis.org was more discoverable.
> 
> I'm *very* pleased by Kristian switching the pool to use the
> sksconf hostname, which gets folks seeing the advertised service
> hostname, not the peering hostname.  If this stays common, and is
> used for resolving the IPs for membership, and supplying hostnames
> for SRV pools (or IPs for host aliases in the SRV pools), then my
> original intentions are feasible.
> 

I do, indeed, intend to keep this practice, as, the way I see it, it
is the most sensible way to keep the pool clean.

Please note that your original setup of separating between sks and
sks-peer will mean that the cross-peering information on the meta page
will not show properly connected peers. It will also influence the
Reference Membership file. But as I've said before, this is mostly for
convenience of the server operators, and not used at all for the
actual core operations of the pool - the reference membership file was
a request after a failed server where no backup was performed :) (but
it is nice for debugging)

> Whether they're sensible is a matter of opinion.  I think so, but I
> know others might regard it as over-engineering.

For me, operating the pool, it certainly makes things easier, rather
than being over-engineering.


- -- 
- ----------------------------
Kristian Fiskerstrand
http://www.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Corruptissima re publica plurimæ leges
The greater the degeneration of the republic, the more of its laws
- ----------------------------
This email was digitally signed using the OpenPGP
standard. If you want to read more about this
The book: Sending Emails - The Safe Way: An
introduction to OpenPGP security is now
available in both Amazon Kindle and Paperback
format at
http://www.amazon.com/dp/B006RSG1S4/
- ----------------------------
Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----



