Re: [Sks-devel] status page
From: Tobias Frei
Subject: Re: [Sks-devel] status page
Date: Sat, 19 Apr 2014 13:03:12 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0

Hi,
okay, I hope I don't need to explain why this e-mail caused me to remove
you, Simon Lange, from my peering list.
It makes me sad to see such childish behavior on a mailing list like
this one.
btw, ur english doesnt make u look more kewl. c y?
Best regards,
Tobias Frei
Am 19.04.2014 02:21, schrieb Simon Lange:
>
> Am 18.04.2014 23:16, schrieb Phil Pennock:
>> On 2014-04-18 at 20:24 +0200, Simon Lange wrote:
>>> the reason why a reverse proxy is "required" is, because some
>>> require additional "security" at the nodes.
>
>> False.
> ehm. nope. that is what ive been told when i asked y the reverse proxy. ;)
> but good to know. :=)
>
>>> yesterday i learned i
>>> have to give up control who is using his domain with my services. :/
>
>> False. As long as you can find people who will peer with you, you do
>> not need to be in any pools at all.
>
> thats not the topic. and its rude btw.
>
>
>>> currently for :80 i do accept all for ^(.*)pool.sks-keyservers.net and
>
>> Note that Kristian's pool is considered well-run and is used as the
>> target of CNAMEs by other people. Most notably, `keys.gnupg.net` is a
>> CNAME to `pool.sks-keyservers.net`.
>
>> So if you only whitelist for a pattern which, when unbroken, is:
>
>> ^(?:.+\.)?pool\.sks-keyservers\.net
>
>> then you've broken access by people using the default configuration of
>> GnuPG. Kristian doesn't want those people to experience a broken
>> service, so you don't get listed.
>
> and that is written where exactly? see? thats why i req techdoc?!
> but keys.gnupg.net is already covered too. ;)
>
>
>> Kristian _could_ decide to only support certain CNAMEs, then
>> exhaustively test for all of those working, then going through the
>> song-and-dance of de-listing most sites when he adds one more CNAME.
>> Instead, he just says "to be listed in my pools, then on port 11371, all
>> HTTP requests under `/pks/` should be passed to SKS, no matter what is
>> in the Host: header". This creates less stress, less bureaucracy, less
>> of a culture of having to ask permission for every action.
>
> allowing ALL is not a really good option. i already explained y. and a
> page with techdoc which hostnames should be allowed is not much.
> y using less procedure for pool reg than for gossip? whats the point
> with this? because less bureaucracy? less stress?
> i dont think its much stress and bureaucracy to tell ppl what hostnames
> should be able to use the service.
>
>
>>> domains using our services. its a matter of respect AND security. its an
>>> optin feature not an optout.
>
>> Absolutely: you don't need to be listed in a pool, there is no hard
>> requirement for it.
>
> right and you dont need to learn anything anymore since u know
> everything. oh wait. ;)
> try being less rude and try please to follow arguments.
>
>
>> _I_ won't give away _my_ bandwidth for free to provide others with keys
>> if they're not giving back to the community by being listed in public
>> pools. That's my choice, in not subsidising other people's businesses
>> and hobbies from my own pocket more than I already do with my time on
>> open source projects.
>
> that just proved that you didnt understand anything i wrote. this is not
> against good ppl. you dont protect your servers and your environment
> against "good ppl". you protect it against "bad ppl". so hard to
> understand?!
> and exactly THATS WHY i dont allow fqdn like keys.npd.de to use my
> keyserver. i dont support racist or inhuman parties/organizations. if
> you dont care for your community. okay. but for ppl who do care, its
> maybe a problem to allow those ppl to advertise with services which are
> not run by them.
>
> all others are invited. gimme a short notice and i put them on. thats
> the concept of optin. this is how you configure firewalls too. deny all
> and tell whats allowed. in this case easy to do. thats why i really dont
> understand ur attitude.
>
>
>
>> That's okay. You and I don't have to peer. There is no one right way,
>
> nobody talks about peering. m)
>
>> no authority saying everyone must peer, no right to peering, no
>> expectation that everyone agree.
>
> m)
>
>
>> You can probably find other people who will peer with you.
>
> you dont get it. the topic is NOT peering. m)
>
>
>>> (11371). there is absolutely no reason for a via (which may expose the
>>> used software)
>
>> You don't need to expose full version, but revealing "Apache/2" provides
>> enough for most debugging. If revealing even that much makes you
>> vulnerable, then you have bigger problems, because more intrusive
>> platform fingerprinting by those of malicious intent will identify your
>> platform anyway.
>
> you are derailing the topic.
>
>
>>> FQDNs to use that specific service. dont allow anyone except fqdn which
>>> did ask before is far more secure. (e.g. i dont want any racist website
>>> to advertise with MY services under THEIR domain, but because i cannot
>>> KNOW all such domains, its better to deny all and allow a few).
>
>> Go ahead, use that policy. Find others who agree, create pool
>> definitions which tightly control which final hostnames can be used.
>
> you repeating urself. try arguments and read.
>
>
>> Kristian has made his pool software freely available for others to use:
>> https://code.google.com/p/sks-keyservers-pool/
>> I have made my own pool software freely available for others to use:
>> https://github.com/philpennock/sks_spider
>
>> You have two platforms available for you to run pools using whatever
>> criteria you like. Go for it. Just don't expect anybody to take you
>> seriously if you try telling us what criteria we are *allowed* to use
>> for our own pools.
>
> you really should learn reading and understanding. btw: "us"? i did
> SUGGEST things. you may reread.
>
>
>
>>> this is not a rant, but maybe sounds rude to some.
>
>> It was a rant. Your claiming otherwise did not make it not a rant and
> it was not. but you didnt understand anyway. who cares at this point of
> your rude mail.
>
>> Thank you for making your keyserver usable by the pools. I may
>> strenuously disagree with your stance and your demands, but as long as
>> you're providing a public service, I'm happy to continue peering with
>> you. If you change your mind about providing a public service which can
>> be freely listed by anyone, please do let me know and I will remove your
>> system from my peering membership list.
>
> bullshit galore. congratz. :D you completely missed the topic the point,
> everything.
>
>
>> -Phil
>
> *PLONK*
>
> --
> ________________________________________________________
> Simon Lange Consulting - Gaudystr. 6 - DE-10437 Berlin
> Telefon: +49(0)30/89757206 Mobil: +49(0)151/22640160
> ----------------------------------------http://s-l-c.biz
>
>
> _______________________________________________
> Sks-devel mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/sks-devel
>
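
The Host-header question argued in the quoted exchange, as an added example that is not part of any poster's message: it runs the two patterns quoted in the thread, plus an end-anchored variant added here as an assumption, against constructed Host values and compares them with the pool rule of passing every `/pks/` request to SKS. The `.example` hostnames and all function names are illustrative.

```python
import re

# Patterns quoted in the thread.
AS_POSTED = re.compile(r"^(.*)pool.sks-keyservers.net")        # dots unescaped
UNBROKEN = re.compile(r"^(?:.+\.)?pool\.sks-keyservers\.net")  # corrected form
# Added variant (assumption, not from the thread): same pattern, end-anchored.
ANCHORED = re.compile(r"^(?:.+\.)?pool\.sks-keyservers\.net$")


def normalize_host(header_value):
    """Lower-case a Host header value, drop a numeric port and a trailing dot."""
    host = header_value.strip().lower()
    name, sep, port = host.rpartition(":")
    if sep and port.isdigit():
        host = name
    return host.rstrip(".")


def allowlist_accepts(pattern, header_value):
    """Host allowlist check as a reverse proxy in front of SKS would apply it."""
    return pattern.search(normalize_host(header_value)) is not None


def pool_rule_accepts(path, header_value):
    """Pool rule from the thread: /pks/ requests reach SKS whatever the Host."""
    return path.startswith("/pks/")


# Constructed Host header values; the .example names are placeholders.
SAMPLES = [
    "pool.sks-keyservers.net",
    "eu.pool.sks-keyservers.net:11371",
    "keys.gnupg.net",                         # CNAME to the pool, per the thread
    "pool.sks-keyservers.net.other.example",  # pool name used as a prefix
    "xpoolXsks-keyserversYnet.example",       # only matches via unescaped dots
]


def evaluate(path="/pks/lookup"):
    """Map each sample Host to (as_posted, unbroken, anchored, pool_rule)."""
    return {
        host: (allowlist_accepts(AS_POSTED, host),
               allowlist_accepts(UNBROKEN, host),
               allowlist_accepts(ANCHORED, host),
               pool_rule_accepts(path, host))
        for host in SAMPLES
    }


if __name__ == "__main__":
    for host, verdicts in evaluate().items():
        print(f"{host:40} {verdicts}")
```

A client that was configured with `keys.gnupg.net` sends that name in its Host header, so every pattern-based allowlist above rejects it while the pool rule accepts it.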