[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] status page
From: |
Martin Papik |
Subject: |
Re: [Sks-devel] status page |
Date: |
Fri, 18 Apr 2014 23:10:05 +0300 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 04/18/2014 10:37 PM, Simon Lange wrote:
> Ive been told that it is required to allow ALL incoming traffic to
> the IP of my keyserver for port 11371 no matter what hostname is
> requested. that would - of course - allow everyone on this planet
> to pinpoint his FQDN to my server using my service.
>
> usually i use hostname directives. e.g. keys.s-l-c.biz or
> keys.bundes.it or (.*)pool.sks-keyservers.net i prefer that because
> that way i can avoid that ppl use my services with their fqdn i
> dont like (like raccists facists and other bad ppl).
You of course can (should?) limit the HTTP host names to whatever you
expect, but I've never heard of a requirement to answer ALL host
names. A response to the raw IP address would be probably good, but
are you really required to answer http://blablabla/ on tcp/11371? I've
never heard about such a requirement. Not beyond answering requests
for the pool host name if you wish to participate in a pool.
Answering ALL host names just makes you willing to participate in any
pool by default, without extra maintenance. But again, AFAIK this
isn't a requirement. Am I misinformed?
How would bad people benefit from your key-server responding to
http://very.bad.com:11731/ anyway?
AFAIK today the key server doesn't serve arbitrary pictures, when it
will this will be an issue, more because of spam I expect than on
account of nasty web sites.
Does lighthttpd (which you seem to be using) expose some kind of a
forward proxy?
Martin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCgAGBQJTUYaMAAoJELsEaSRwbVYrXEAQALUBEBCbREvfHQ5DdZ8ZPrc/
H+kiZ88CBoPiMVL/RtZGW7hfgKg5A3b/4VcxtHrqgABPEwmUNoDKRuG9VBtR/Xjd
BU4/5/Wxkw0cXgrFT8MeUXpRQIbeq7PT0R2RyM3wDGhLmeh9TtW6EEDrhtVcgVJo
MC2VCLwbz6STSYOlMxUD1epecFLsZLVXPSHVS3bH89As3H1MfK2V7vofk8Z7cEhZ
dhBOlY8F198N9E+meF9C+vWinjHMFSCSvNWnS8RkhFj7TLKKUOdBetVtiYndm8fO
o7Ij+srvT3uITjbHBVJN4L1JAuUh6WDurmHPVNwwIWEVqFH2joeoHDCmUaLvZmUp
170cM5ym9weDNJVJFipA2W0CkFG9x+KZBK6PyeDB/+KSrthCZSsCRw3/VNCzXKr8
xwSawnmdnyoJTf3iPbWD8sHKo4Q3TC4lhlNDV6k+roFroZTgLS+vhHxRz9tzTmou
c3X/yyENwqByoR326RybXRUE3j8hGHgrBkmUM6MTAzWGQRfnzWd9I1ERIP36GY20
OKNmt4qbHWpsRdy1Mj3JD34vslTraqoSG9SAm5Qjh+tPQwRjPL6zaQ9RSQ0k1bqe
xQOkpqOmSDx0eKxkggU9OtqTbScFIEqMR8iW2oAfUVnQsVaMEV2Gy+aZXXDCgGLR
3XYwG6DRlT3DaQn6unk5
=Dc7u
-----END PGP SIGNATURE-----
- [Sks-devel] status page, Simon Lange, 2014/04/17
- Re: [Sks-devel] status page, Tobias Frei, 2014/04/17
- Re: [Sks-devel] status page, Simon Lange (BIT), 2014/04/17
- Re: [Sks-devel] status page, Tobias Frei, 2014/04/18
- Re: [Sks-devel] status page, Tobias Frei, 2014/04/18
- Re: [Sks-devel] status page, Martin Papik, 2014/04/18
- Re: [Sks-devel] status page, Simon Lange, 2014/04/18
- Re: [Sks-devel] status page, Martin Papik, 2014/04/18
- Re: [Sks-devel] status page, Simon Lange, 2014/04/18
- Re: [Sks-devel] status page,
Martin Papik <=
- Re: [Sks-devel] status page, Simon Lange, 2014/04/18
- Re: [Sks-devel] status page, Martin Papik, 2014/04/18
- Re: [Sks-devel] status page, Simon Lange, 2014/04/18
- Message not available
- Message not available
- Re: [Sks-devel] status page, Simon Lange, 2014/04/18
- Re: [Sks-devel] status page, Daniel Kahn Gillmor, 2014/04/18
- Re: [Sks-devel] status page, Simon Lange, 2014/04/18
- Re: [Sks-devel] status page, Arnold, 2014/04/19
- Re: [Sks-devel] status page, Tobias Frei, 2014/04/18
- Message not available
- Message not available
- Message not available
- Re: [Sks-devel] status page, Simon Lange, 2014/04/18
- Re: [Sks-devel] status page, Phil Pennock, 2014/04/18