Re: [Sks-devel] problems with SKS 1.0.10 when searching by key ID from G


From: Daniel Kahn Gillmor
Subject: Re: [Sks-devel] problems with SKS 1.0.10 when searching by key ID from GnuPG
Date: Mon, 23 Mar 2009 16:17:47 -0400
User-agent: Mozilla-Thunderbird 2.0.0.19 (X11/20090103)

On 03/23/2009 04:02 PM, David Shaw wrote:
> On Sun, Mar 22, 2009 at 07:41:50PM -0400, Daniel Kahn Gillmor wrote:
>> has any thought been
>> given to requiring members of the keyserver pools to not run that
>> version of SKS?  keys.gnupg.net itself contains several keyservers
>> running 1.0.10, which misbehave in response to standard gpg searches by
>> keyid.
> 
> None that I know of.  Eventually, such a thing will be necessary, but
> it would have to be done via whoever controls the particular keyserver
> round-robin.

Kristian Fiskerstrand, i believe you're controlling
pool.sks-keyservers.net -- do you have any plans to reject members
running known-buggy versions?

Who controls keys.gnupg.net?  Werner?  Do you have plans to do any
filtering like this?  It seems like it would be useful to have a pool
that rejects hosts that at least admit to running versions with
significant known bugs.

Those of you who run keyserver pools: what software do you run to manage
the DNS?  Does it have the ability to reject by reported version?

> The odd thing here is that version has been broken for at least 2
> years, as I reported the problem in 2006.  Did nobody else notice, or
> are there still a bunch of 1.0.9 SKSes out there?

I agree that's pretty weird, but i think that most people don't
understand OpenPGP well enough to know that a failed search by key ID is
actually an error, or who to report it to if they see it (this is
especially true when the details of who is responsible are hidden by
round-robin DNS, and the problems seem intermittent).  In fact, come to
think of it, i saw behavior months ago which i now believe could be
attributed to this; a friend searched for my key through enigmail by
keyid, and couldn't find it.  I second-guessed myself at the time, and
thought that maybe you just can't search by keyid, and i'd been
misremembering.

I wouldn't be surprised if it gives people the general impression that
gpg or enigmail or keyservers or OpenPGP are just flakey tools.  That
would be a shame, since a lot of infrastructure that i care about relies
on them being non-flakey.

        --dkg

Attachment: signature.asc
Description: OpenPGP digital signature

