[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: shutdown of and

From: Andrew Gallagher
Subject: Re: shutdown of and
Date: Tue, 22 Jun 2021 20:52:12 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.9.0

On 22/06/2021 19:28, Kiss Gabor (Bitman) wrote:
On Tue, 22 Jun 2021, Todd Fleisher wrote:

This service is deprecated. This means it is no longer maintained, and
new HKPS certificates will not be issued. Service reliability should not be 

Update 2021-06-21: Due to even more GDPR takedown requests, the DNS records for 
the pool will no longer be provided at all.

Do we establish an other pool with the remaining cca 30 hardcore server?
Same members, same data, same software. New domain.

I think the idea of a self-organising pool has fundamental flaws. A service that arbitrarily redirects your request to a desktop in some random bedroom (or worse!) is not tenable IMO. I would much prefer if individual operators were responsible for maintaining the availability of their own service, and users chose between them based on their own preference.

Also, any pool running SKS (the software) would suffer from all the same reliability and compliance issues that led to the old one being shut down. I believe we should declare both the SKS codebase and the pool (as a concept) dead at this point.

Currently there seem to be three options for SKS operators who wish to keep running:

Hockeypuck is maintained and in use by a group of about a dozen nodes that have been synchronising with the SKS network for some time. It is more reliable than SKS, and has blacklisting configuration parameters that allow for easier compliance with GDPR. It does not yet solve all known abuse and privacy issues, so remains a work in progress.

Hagrid is mature and reliable, but a) it does not synchronise with anything, and b) it does not serve third-party signatures.

The last option is WKS/WKD, which favours a corporate environment. The tooling and UX on the publication side is immature, but for key lookup, on sufficiently modern clients, it Just Works. The disadvantages are a) it only serves keys whose emails are in its own domain, and b) it does not synchronise with anything by default (but this can be scripted).

I believe a mixture of WKS and synchronising keyservers will be required for the foreseeable future. I would encourage SKS operators to migrate to Hockeypuck and help contribute to its development, so that we can start to address some of the design issues in recon, without having to worry any more about backwards compatibility with SKS. :-)

Andrew Gallagher

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]