[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: shutdown of pgpkeys.co.uk and pgpkeys.uk
|
From: |
Andrew Gallagher |
|
Subject: |
Re: shutdown of pgpkeys.co.uk and pgpkeys.uk |
|
Date: |
Tue, 22 Jun 2021 20:52:12 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.9.0 |
On 22/06/2021 19:28, Kiss Gabor (Bitman) wrote:
On Tue, 22 Jun 2021, Todd Fleisher wrote:
This service is deprecated. This means it is no longer maintained, and
new HKPS certificates will not be issued. Service reliability should not be
expected.
Update 2021-06-21: Due to even more GDPR takedown requests, the DNS records for
the pool will no longer be provided at all.
Do we establish an other pool with the remaining cca 30 hardcore server?
Same members, same data, same software. New domain.
I think the idea of a self-organising pool has fundamental flaws. A
service that arbitrarily redirects your request to a desktop in some
random bedroom (or worse!) is not tenable IMO. I would much prefer if
individual operators were responsible for maintaining the availability
of their own service, and users chose between them based on their own
preference.
Also, any pool running SKS (the software) would suffer from all the same
reliability and compliance issues that led to the old one being shut
down. I believe we should declare both the SKS codebase and the pool (as
a concept) dead at this point.
Currently there seem to be three options for SKS operators who wish to
keep running:
Hockeypuck is maintained and in use by a group of about a dozen nodes
that have been synchronising with the SKS network for some time. It is
more reliable than SKS, and has blacklisting configuration parameters
that allow for easier compliance with GDPR. It does not yet solve all
known abuse and privacy issues, so remains a work in progress.
Hagrid is mature and reliable, but a) it does not synchronise with
anything, and b) it does not serve third-party signatures.
The last option is WKS/WKD, which favours a corporate environment. The
tooling and UX on the publication side is immature, but for key lookup,
on sufficiently modern clients, it Just Works. The disadvantages are a)
it only serves keys whose emails are in its own domain, and b) it does
not synchronise with anything by default (but this can be scripted).
I believe a mixture of WKS and synchronising keyservers will be required
for the foreseeable future. I would encourage SKS operators to migrate
to Hockeypuck and help contribute to its development, so that we can
start to address some of the design issues in recon, without having to
worry any more about backwards compatibility with SKS. :-)
--
Andrew Gallagher
OpenPGP_signature
Description: OpenPGP digital signature
- Re: shutdown of pgpkeys.co.uk and pgpkeys.uk, (continued)
- Re: shutdown of pgpkeys.co.uk and pgpkeys.uk, Gunnar Wolf, 2021/06/23
- Re: shutdown of pgpkeys.co.uk and pgpkeys.uk, Andrew Gallagher, 2021/06/23
- Re: shutdown of pgpkeys.co.uk and pgpkeys.uk, Gabor Kiss, 2021/06/23
- Re: shutdown of pgpkeys.co.uk and pgpkeys.uk, Andrew Gallagher, 2021/06/23
- Re: shutdown of pgpkeys.co.uk and pgpkeys.uk, Gunnar Wolf, 2021/06/23
- Re: shutdown of pgpkeys.co.uk and pgpkeys.uk, Andrew Gallagher, 2021/06/23
- Re: shutdown of pgpkeys.co.uk and pgpkeys.uk,
Andrew Gallagher <=
- Re: shutdown of pgpkeys.co.uk and pgpkeys.uk, Jeremy T. Bouse, 2021/06/22
- Re: shutdown of pgpkeys.co.uk and pgpkeys.uk, Jeremy T. Bouse, 2021/06/22