Re: [Sks-devel] sks pool membership registration


From: Daniel Kahn Gillmor
Subject: Re: [Sks-devel] sks pool membership registration
Date: Wed, 26 Jun 2013 16:15:48 -0400
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130518 Icedove/17.0.5

On 06/26/2013 03:48 PM, Phil Pennock wrote:
> We added "Server contact:" to the stats page, configured by
> "server_contact:" in sksconf, which lets folks set the PGP keyid of the
> operator, without directly putting email addresses into a scrapeable
> page, and Kristian collects that already, showing it as address@hidden
> after some server names.
> 
> Perhaps we should add a "pool_policy:" statement, which applies to
> everyone running any kind of pool, with a very simple grammar?
> 
> Space separated keywords or key=value pairs?  Keywords and keys
> case-insensitive?
> 
>  Keyword: skip
>  Action:  takes precedence over any other keyword encountered, do not
>           include in pools
> 
>  Keyword: hkp-only
>  Action:  do not poll for hkps connectivity, do not try to include in
>           pool; takes precedence over hkpsport.
> 
>  Key:     hkpsport=11373
>  Action:  HKPS service offered, any SRV records should reference this
>           port; if port is not 443, do not include in non-SRV pool
>           definitions.
> 
>  Key:     monitoruid=2
>  Action:  On notifiable event, please send an email to the Nth-oldest
>           (2nd-oldest in example) uid present on the key found via
>           server_contact.  Counting includes revoked uids.
> 
> That's off the top of my head, for a strawman proposal.  Feel free to
> point out the many and varied ways in which this proposal sucks.

i like this proposal.

i'd change "monitoruid" to just "notify" (no arguments needed, this is a
boolean) and have any notifications get sent to the most-recent valid
primary User ID of the associated server_contact.  if a server operator
can't receive mail at their primary User ID, they have other problems :)
I don't think introducing "the nth-oldest" is a useful
complexity/feature tradeoff.

        --dkg

Attachment: signature.asc
Description: OpenPGP digital signature
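
A pool monitor could interpret the strawman "pool_policy:" grammar quoted above along these lines. This is an added example, not code from SKS, the pool software, or either poster; it assumes space-separated, case-insensitive tokens (posed as questions in the proposal), accepts both "monitoruid=N" and the boolean "notify" suggested in the reply, and the names PoolPolicy, parse_pool_policy and MAX_UID_INDEX are hypothetical.

```python
from dataclasses import dataclass, field
from typing import List, Optional

MAX_UID_INDEX = 255  # assumed sanity bound; the thread does not give one


@dataclass
class PoolPolicy:
    skip: bool = False                 # "skip": do not include in pools
    hkp_only: bool = False             # "hkp-only": never poll or pool for HKPS
    hkps_port: Optional[int] = None    # "hkpsport=N"
    monitor_uid: Optional[int] = None  # "monitoruid=N" (original proposal)
    notify: bool = False               # boolean "notify" (variant from the reply)
    rejected: List[str] = field(default_factory=list)  # tokens not understood

    def hkps_srv_pool(self) -> bool:
        return not self.skip and not self.hkp_only and self.hkps_port is not None

    def hkps_plain_pool(self) -> bool:
        # Non-SRV pool definitions are only allowed when the port is 443.
        return self.hkps_srv_pool() and self.hkps_port == 443


def _bounded(text: str, high: int) -> Optional[int]:
    """Plain ASCII decimal in 1..high, else None (the value is remote, untrusted input)."""
    if text.isascii() and text.isdigit() and len(text) <= 5 and 1 <= int(text) <= high:
        return int(text)
    return None


def parse_pool_policy(value: str) -> PoolPolicy:
    p = PoolPolicy()
    for token in value.split():
        key, eq, arg = token.partition("=")
        key = key.lower()  # keywords and keys are case-insensitive
        if not eq and key == "skip":
            p.skip = True
        elif not eq and key == "hkp-only":
            p.hkp_only = True
        elif not eq and key == "notify":
            p.notify = True
        elif eq and key == "hkpsport" and (n := _bounded(arg, 65535)) is not None:
            p.hkps_port = n
        elif eq and key == "monitoruid" and (n := _bounded(arg, MAX_UID_INDEX)) is not None:
            p.monitor_uid = n
        else:
            p.rejected.append(token)  # keep for logging; never act on it
    if p.hkp_only:
        p.hkps_port = None  # hkp-only takes precedence, whatever the token order
    return p
```

Malformed or out-of-range tokens land in `rejected` rather than raising, so one bad statement on a stats page cannot stop the monitor from processing the remaining servers.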

