
Re: [Sks-devel] keyserver.gingerbear.net: Dynamic IP Update didn't


From: David Shaw
Subject: Re: [Sks-devel] keyserver.gingerbear.net: Dynamic IP Update didn't
Date: Fri, 13 Mar 2009 13:19:35 -0400
User-agent: Mutt/1.5.18 (2008-05-17)

On Fri, Mar 13, 2009 at 01:00:42PM -0400, Daniel Kahn Gillmor wrote:

> I'm confident in this instance that your message is correct and
> reasonable.  But in combination with the recently-raised concerns about
> misbehaving peers being able to cause massive memory overconsumption for
> sks instances, and the well-known frailties of DNS, this sort of
> situation starts making me nervous.
> 
> I'd prefer to peer with well-authenticated remote hosts, and i also
> wouldn't particularly mind if the gossip traffic itself were
> cryptographically integrity-checked and/or private.
> 
> Given our discussions about wrapping HKP client-server connections in
> TLS, this suggests that it might be worthwhile to consider using TLS
> (even with a NULL cipher suite if people decide they don't care about
> privacy) for gossip connections.  Has anyone considered or implemented this?

If a misbehaving peer can cause problems with sks, a misbehaving peer
can still cause problems with sks even if the connection is
authenticated.  Not that authenticating and/or encrypting connections
is necessarily bad, but it doesn't really solve the memory problem.

I suppose it might help keep out a potential malicious gossiper, but
(and correct me if I'm wrong) aren't the gossip connections configured
manually anyway?

David
