sks-devel

[Sks-devel] Raising the floor for the pool to SKS version 1.1.6 [was: Re


From: Daniel Kahn Gillmor
Subject: [Sks-devel] Raising the floor for the pool to SKS version 1.1.6 [was: Re: Importing ed25519 subkeys from SKS < 1.1.6]
Date: Wed, 06 Sep 2017 18:16:38 -0400

(adding sks-devel to this thread since it discusses changing the
minimum bar for the pool)

On Wed 2017-09-06 23:46:59 +0200, Kristian Fiskerstrand wrote:
> On 09/06/2017 11:33 PM, Werner Koch wrote:
>
>> including all of the RSA and DSA subkeys.  But not the original
>> requested ed25519 key.  It seems SKS 1.1.5 partly supports ed25519 keys
>> but for example does not return them.
>
> No, 1.1.5 supports RFC6637 but not the ed25519/curve25519 variants
>
>> Hopefully the remaining SKS 1.1.5 installations will soon update to
>> 1.1.6 which does not have this problem.
>
> hkp://subset.pool.sks-keyservers.net requires SKS 1.1.6, I've been
> pondering requiring the main pool to use this, which can be discussed
> if we want to push ed25519/curve25519

SKS 1.1.6 was released over 1 year ago (on 2016-08-07).  It is well
tested and widely deployed.

looking at https://sks-keyservers.net/status/ -- i'd say we can afford
to move to SKS 1.1.6 for the main pool.

We will (temporarily) go from 116 members of the main pool to 85 -- a
loss of about 25%.  But we also provide an incentive for those members
to upgrade to 1.1.6, so i expect we'll make some of that back.

We only lose 3 members from the hkps pool, and 2 members from the
onionbalance, so i'd recommend making it a minimum there too.

About feasibility of upgrades: version-wise, people tend to treat debian
as the "old, out of date distro", and for debian:

 * Debian stable (stretch) has SKS 1.1.6.

 * people running debian oldstable (jessie) can install 1.1.6 from
   jessie-backports.

People running keyservers on ubuntu LTS will need to find a PPA or some
other alternative (xenial offers only 1.1.5 in universe), but so it goes
:/ (I note that a previous attempt to get a backport into an ubuntu LTS
appears to have gone unresolved:
https://bugs.launchpad.net/trusty-backports/+bug/1435397 -- but perhaps
micahg can be convinced to update his ppa in a similar way at least)

I recommend requiring at least SKS 1.1.6 for membership in all the
pools.

        --dkg

Attachment: signature.asc
Description: PGP signature

