Re: [Sks-devel] Peers
From: Phil Pennock
Subject: Re: [Sks-devel] Peers
Date: Thu, 6 Apr 2017 22:13:18 +0000

On 2017-04-05 at 23:30 +0200, Peter Sunde Kolmisoppi wrote:
> Setting up a keyserver and looking for peers!
> The machine is located in Sweden and will be used for research and internal
> pgp signing / checking, and not public facing.

If the :11371 port is open to the world, to support roaming users, then
you're going to end up in the public pools anyway.

Every keyserver exports its status on a special URL, including a list of
which services it peers with. Anyone can then spider the mesh and build
lists of keyservers. This is how sks-keyservers.net does it and that
pool is what keys.gnupg.net is aliased to.

So either you'll need to not allow :11371 outside your network, or
you'll need to arrange with pool operators to be manually excluded. The
only pool operator I know of which is worth worrying about is
sks-keyservers.net.

-Phil
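
The mesh walk described in the message above, as an added example that is not part of the original post or any pool operator's code: an offline simulation in which an in-memory table stands in for each server's status page. All hostnames, the `MESH` table and the function names are constructed for illustration.

```python
from collections import deque

# Constructed mesh: hostname -> (is :11371 reachable from the internet?,
# peers listed on that server's status page). All names are made up.
MESH = {
    "pool-a.example": (True, ["pool-b.example", "research.example"]),
    "pool-b.example": (True, ["pool-a.example"]),
    "research.example": (True, ["pool-a.example", "lab-internal.example"]),
    "lab-internal.example": (False, ["research.example"]),
}

def fetch_peers(mesh, host):
    """Stand-in for reading a server's status page over :11371.
    Returns its peer list, or None when the port does not answer."""
    reachable, peers = mesh.get(host, (False, []))
    return list(peers) if reachable else None

def spider(mesh, seed):
    """Breadth-first walk of the peering graph from one public seed.
    Returns (servers that answered, servers known only by name)."""
    answered, name_only = [], []
    seen, queue = {seed}, deque([seed])
    while queue:
        host = queue.popleft()
        peers = fetch_peers(mesh, host)
        if peers is None:
            name_only.append(host)  # listed by a peer, status page unreachable
            continue
        answered.append(host)       # reachable, so a candidate for a pool list
        for peer in peers:
            if peer not in seen:
                seen.add(peer)
                queue.append(peer)
    return answered, name_only

def with_port_closed(mesh, host):
    """Copy of the mesh with :11371 firewalled for one host."""
    out = dict(mesh)
    out[host] = (False, mesh[host][1])
    return out

if __name__ == "__main__":
    print("port open:  ", spider(MESH, "pool-a.example"))
    print("port closed:", spider(with_port_closed(MESH, "research.example"),
                                 "pool-a.example"))
```

With the port open, `research.example` lands in the answered list even though nobody submitted it; with the port closed it drops out of that list, but its hostname is still visible through its peer's status page.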