
Re: [Sks-devel] status page


From: Tobias Frei
Subject: Re: [Sks-devel] status page
Date: Sat, 19 Apr 2014 13:03:12 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0

Hi,

okay, I hope I don't need to explain why this e-mail caused me to remove
you, Simon Lange, from my peering list.

It makes me sad to see such childish behavior on a mailing list like
this one.

btw, ur english doesnt make u look more kewl. c y?


Best regards,
Tobias Frei


On 19.04.2014 02:21, Simon Lange wrote:
> 
> On 18.04.2014 23:16, Phil Pennock wrote:
>> On 2014-04-18 at 20:24 +0200, Simon Lange wrote:
>>>        the reason why a reverse proxy is "required" is, because some
>>> require additional "security" at the nodes.
> 
>> False.
> ehm. nope. thats what ive been told when i asked y the reverse proxy. ;)
> but good to know. :=)
> 
>>>                                                    yesterday i learned i
>>> have to give up control who is using his domain with my services. :/
> 
>> False.  As long as you can find people who will peer with you, you do
>> not need to be in any pools at all.
> 
> thats not the topic. and its rude btw.
> 
> 
>>> currently for :80 i do accept all for ^(.*)pool.sks-keyservers.net and
> 
>> Note that Kristian's pool is considered well-run and is used as the
>> target of CNAMEs by other people.  Most notably, `keys.gnupg.net` is a
>> CNAME to `pool.sks-keyservers.net`.
> 
>> So if you only whitelist for a pattern which, when unbroken, is:
> 
>>  ^(?:.+\.)?pool\.sks-keyservers\.net
> 
>> then you've broken access by people using the default configuration of
>> GnuPG.  Kristian doesn't want those people to experience a broken
>> service, so you don't get listed.
> 
> and that is written where exactly? see? thats why i req techdoc?!
> but keys.gnupg.net is already covered too. ;)
> 
> 
>> Kristian _could_ decide to only support certain CNAMEs, then
>> exhaustively test for all of those working, then going through the
>> song-and-dance of de-listing most sites when he adds one more CNAME.
>> Instead, he just says "to be listed in my pools, then on port 11371, all
>> HTTP requests under `/pks/` should be passed to SKS, no matter what is
>> in the Host: header".  This creates less stress, less bureaucracy, less
>> of a culture of having to ask permission for every action.
> 
> allowing ALL is not a really good option. i already explained y. and a
> page with techdoc which hostnames should be allowed is not much.
> y using less procedure for pool reg than for gossip? whats the point
> with this? because less bureaucracy? less stress?
> i dont think its much stress and bureaucracy to tell ppl what hostnames
> should be able to use the service.
> 
> 
>>> domains using our services. its a matter of respect AND security. its an
>>> optin feature not an optout.
> 
>> Absolutely: you don't need to be listed in a pool, there is no hard
>> requirement for it.
> 
> right and you dont need to learn anything anymore since u know
> everything. oh wait. ;)
> try being less rude and try please to follow arguments.
> 
> 
>> _I_ won't give away _my_ bandwidth for free to provide others with keys
>> if they're not giving back to the community by being listed in public
>> pools.  That's my choice, in not subsidising other peoples' businesses
>> and hobbies from my own pocket more than I already do with my time on
>> open source projects.
> 
> that just proved that you didnt understand anything i wrote. this is not
> against good ppl. you dont protect your servers and your environment
> against "good ppl". you protect it against "bad ppl". so hard to
> understand?!
> and exactly THATS WHY i dont allow fqdn like keys.npd.de to use my
> keyserver. i dont support racist or inhuman parties/organizations. if
> you dont care for your community. okay. but for ppl who do care, its
> maybe a problem to allow those ppl to advertise with services which are
> not run by them.
> 
> all others are invited. gimme a short notice and i put them on. thats
> the concept of optin. this is how you configure firewalls too. deny all
> and tell whats allowed. in this case easy to do. thats why i really dont
> understand ur attitude.
> 
> 
> 
>> That's okay.  You and I don't have to peer.  There is no one right way,
> 
> nobody talks about peering. m)
> 
>> no authority saying everyone must peer, no right to peering, no
>> expectation that everyone agree.
> 
> m)
> 
> 
>> You can probably find other people who will peer with you.
> 
> you dont get it. the topic is NOT peering. m)
> 
> 
>>> (11371). there is absolutely no reason for a via (which may expose the
>>> used software)
> 
>> You don't need to expose full version, but revealing "Apache/2" provides
>> enough for most debugging.  If revealing even that much makes you
>> vulnerable, then you have bigger problems, because more intrusive
>> platform fingerprinting by those of malicious intent will identify your
>> platform anyway.
> 
> you are derailing the topic.
> 
> 
>>> FQDNs to use that specific service. dont allow anyone except fqdn which
>>> did ask before is far more secure. (e.g. i dont want any racist website
>>> to advertise with MY services under THEIR domain, but because i cannot
>>> KNOW all such domains, its better to deny all and allow a few).
> 
>> Go ahead, use that policy.  Find others who agree, create pool
>> definitions which tightly control which final hostnames can be used.
> 
> you repeating urself. try arguments and read.
> 
> 
>> Kristian has made his pool software freely available for others to use:
>>   https://code.google.com/p/sks-keyservers-pool/
>> I have made my own pool software freely available for others to use:
>>   https://github.com/philpennock/sks_spider
> 
>> You have two platforms available for you to run pools using whatever
>> criteria you like.  Go for it.  Just don't expect anybody to take you
>> seriously if you try telling us what criteria we are *allowed* to use
>> for our own pools.
> 
> you really should learn reading and understanding. btw: "us"? i did
> SUGGEST things. you may reread.
> 
> 
> 
>>> this is not a rant, but maybe sounds rude to some.
> 
>> It was a rant.  Your claiming otherwise did not make it not a rant and
> it was not. but you didnt understand anyway. who cares at this point of
> your rude mail.
> 
>> Thank you for making your keyserver usable by the pools.  I may
>> strenuously disagree with your stance and your demands, but as long as
>> you're providing a public service, I'm happy to continue peering with
>> you.  If you change your mind about providing a public service which can
>> be freely listed by anyone, please do let me know and I will remove your
>> system from my peering membership list.
> 
> bullshit galore. congratz. :D you completely missed the topic the point,
> everything.
> 
> 
>> -Phil
> 
> *PLONK*
> 
> -- 
> ________________________________________________________
> Simon Lange Consulting  - Gaudystr. 6  - DE-10437 Berlin
> Telefon: +49(0)30/89757206 Mobil: +49(0)151/22640160
> ----------------------------------------http://s-l-c.biz
> 
> 
> 

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
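
Added example (not part of any message in this thread, and not the pool's or any operator's actual configuration): a Python check of the two Host patterns quoted above against constructed Host header values. It shows why a hostname allowlist for the pool name rejects `keys.gnupg.net`, and that both quoted patterns, lacking an end anchor, also accept look-alike names. The `ANCHORED` pattern, the helper names and all sample hostnames are assumptions made for illustration.

```python
import re

# Pattern as quoted in the thread: dots unescaped, no end anchor.
QUOTED = re.compile(r"^(.*)pool.sks-keyservers.net")
# The "unbroken" form given in the reply, copied as written.
UNBROKEN = re.compile(r"^(?:.+\.)?pool\.sks-keyservers\.net")
# Assumption, not from the thread: labels restricted, optional port, end anchor.
ANCHORED = re.compile(r"^(?:[a-z0-9-]+\.)*pool\.sks-keyservers\.net(?::\d+)?$", re.I)

# Constructed Host header values (the .invalid names are made up).
SAMPLE_HOSTS = [
    "pool.sks-keyservers.net",
    "sub.pool.sks-keyservers.net:11371",
    "keys.gnupg.net",
    "pool.sks-keyservers.net.example.invalid",
    "poolXsks-keyserversXnet.example.invalid",
]

def host_allowed(pattern, host):
    """True if the Host header value passes the allowlist pattern."""
    return pattern.match(host) is not None

def pool_rule(port, path):
    """Listing rule described in the thread: on port 11371, anything
    under /pks/ is passed to SKS whatever the Host header says."""
    return port == 11371 and path.startswith("/pks/")

def compare(hosts=SAMPLE_HOSTS):
    """Map each host to (quoted, unbroken, anchored) allowlist decisions."""
    return {h: tuple(host_allowed(p, h) for p in (QUOTED, UNBROKEN, ANCHORED))
            for h in hosts}

if __name__ == "__main__":
    for host, result in compare().items():
        print(f"{host:42} quoted={result[0]} unbroken={result[1]} anchored={result[2]}")
    print("pool rule, /pks/lookup on 11371:", pool_rule(11371, "/pks/lookup"))
```
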

