Re: [Sks-devel] IPv6 peering; keydumps annoyingly large

[Robert J. Hansen]

On Wed, 01 Jun 2011 11:09:27 -0700, Scott Grayban <address@hidden>
wrote:
> Maybe I'm the rookie here but not a linux "rookie", I have been using
> linux for the past 15 years, just google my name, and I always run into
> the group that would rather take the "easiest way" and ignore a issue
> that is bound to come up.

Appealing to credentials is unlikely to convince people.  There's always
someone around with more credentials and always someone around with less,
and none of that makes much a difference when it comes to deciding what to
do and why.

I have always found a good rule of thumb for systems to be not to worry
too much.  If you can see a potential problem when it's on the horizon,
then you can watch it for a while and decide what countermeasures need to
be taken once you have a better handle on the scope and impact of both the
problem and the potential solutions.  Problems that are spotted on the
horizon almost never come back to bite you.  It's problems that you didn't
see coming until they're right on top of you that can really wreck your
weekend plans.

Consider IPv4/IPv6 as an example -- even though we're (effectively) out of
IPv4 addresses, this isn't a problem.  The internet still works fine. 
People who needed allocations made sure to get them before we ran out. 
We're currently in a state of some stress to the system, but it's not any
sort of calamity or disaster.  Now, if IPv4 exhaustion came out of the blue
and nobody saw it coming... then we'd have a big problem.

Don't worry so much.  :)  Is the DB growing?  Sure.  What's the rate of DB
growth?  Far less than the growth rate of cheap physical storage media. 
Are we keeping our eyes on it?  Yes.  Should we do anything about it right
now?  Nope.

If you want to talk about "okay, so what do we do if/when...", go right
ahead: I think that's very constructive.  Appeals to Chicken Littleism and
the sky is about to fall, though -- well, I tune out.

> I hear that some
> people are already running into corrupt PTree db's and have to rebuild
> them every few weeks... just this alone should be a warning.

Cite, please.  "Hearing that" is an appeal to apocryphal anecdote.  Who's
having these problems, and what's been done to determine the cause of the
problems?

> PGP (keyserver.pgp.com) has been allowing keys to be deleted for years
> and they even scrub their DB of revoked and expired keys and that hasn't
> degraded the trust yet.

Apples and oranges.  The PGP Keyserver is trying to meet a different niche
than the keyserver network.  Speaking just for myself, I wish them luck in
achieving their goals, and I suspect they wish us luck in achieving ours.