Re: [Sks-devel] The pool is shrinking

From: Philihp Busby
Subject: Re: [Sks-devel] The pool is shrinking
Date: Fri, 21 Jun 2019 20:32:24 +0000
Most of the keyservers support HKPS if you point to them directly...


I, for one, have also been doing what you did Todd, and switched my systems 
over to my own keyserver, because:

(A) I know for a fact I am not logging key requests, but there is no way for 
one to know this unless they operate their own keyserver.
(B) I choose to trust standard root CAs, which are known to be well-audited, and 
can get a free cert through LetsEncrypt.
(C) Even if I could get a cert with Kristian's self-signed CA, I have no 
assurance that it hasn't been compromised.

That said, I will honestly soon switch over to hkps:// because 
I believe people should have a right to request their identity be removed from 
the network.

On 2019-06-21T12:22:57Z, Todd Fleisher wrote:
On Jun 21, 2019, at 8:00 AM, Skip Carter <address@hidden> wrote:

As a newcomer to the pool, I have to agree.
There are several impediments to becoming a keyserver that just
shouldn't be and the need for daily poking at it is just one of those
things.  There were several times where I was just ready to give up on

FWIW - in my experience, once you get things set up & dialed in there is no need 
for daily poking at it. My load balanced pools have been running for months with 
only the occasional intervention required by me.

On Jun 21, 2019, at 6:21 AM, Hendrik Visage <address@hidden> wrote:

The word “cluster” there is the “problem” for hobby setups: we now have to 
source at least 2x 8GB RAM VMs, where the previous single 2-4GB VMs were 
sufficient to keep going

I can understand the frustration, but things change and in the current state of 
the SKS network more resources are required. I’d also say the idea of this 
being a “hobby” is in direct opposition to this being a public, production 
service that people rely on which IMO would always dictate at least 3 nodes for 

On Jun 21, 2019, at 12:33 AM, Kristian Fiskerstrand <address@hidden> wrote:

No, issuing certificates to servers not being able to keep up doesn't
improve the experience from anyone (the number of complaints I get from
users has dropped significantly). And it's not really a strict
requirement, one can set up VMs / chroots for it on a relatively small

This could mean that people are having fewer issues with the HKPS pool, but it’s 
also possible there are other reasons for a decrease in complaints. Personally, I 
switched my systems (and the systems of users I support) away from using the HKPS 
pool in favor of using my server(s) due to the ongoing complaints about 
intermittent availability & performance issues in the HKPS pool. That’s not 
meant as a dig on your approach, just letting you know my experience. On the 
contrary, I found you to be quite responsive last September when I reported a major 
issue with 2/3 of the servers in the HKPS pool generating 502 errors.


