Re: [Sks-devel] status page

[Martin Papik]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 04/18/2014 11:42 PM, Simon Lange wrote:
> https://twitter.com/krifisk/status/456717051340791808 "With a HTTP
> Host header not belonging to the specific hostname? Note the -H
> 'Host.....' , 11371 should allow ALL traffic through"

Sounds more like a recommendation than a requirement. At least to me.
Maybe he'll chime in to clarify.

>> How would bad people benefit from your key-server responding to 
>> http://very.bad.com:11731/ anyway?
> 
> "bad ppl" could pretend offering a public service using my machines
> they dont own nor they administre nor they run. my machines would
> support that passivly. think this is easy to understand. and also
> has some legal implications. just imagine feds want to seize all
> machines of some "bad ppl"and pinpoint using the IPs the get from
> running services under badppl's domains... not worth the risk while
> easy to avoid. we dont gossip with everyone without "handshaking"
> first. i keep it that way same with the pool. :)

Feds aren't stupid. Your machines wouldn't support anything, and
they'd merely be more victims of criminals. Personally I don't see
this as an argument. Otherwise you could say that merely having a
public IP puts you at risk of having your servers seized because
anyone can point their domains at them. On the other hand if your
servers already contain something that might be interesting to the
feds, you might be in trouble and you should be cautious. If you're
worried, maybe you should contact the feds to find out what puts you
at risk of HW seizure. :-) After all, I'm not qualified to give you
legal advice. Merely expressing my personal opinion. Good luck.

Martin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCgAGBQJTUZfMAAoJELsEaSRwbVYr86MQAJpuB/hsVtiJGtMNEQElzmtu
cTrHEWz9HyfjDtTzJVD7OXMSTeIxBXx2yDvtNSvjbWq0jGYd6F93TtGMyHlYAdw7
+O7kvn0H8C/AfwzXKk+cqyaB0Mxr7r1OP2GV0o7WOYK6X6V8h8ZmWm2sqMnY/fMt
DxdZriLCs5VaKPZ6bnzhojRQQhP44pdCMH/Lj+RSPUYEiFyppjpb7uI6faU4fBgy
C2TNU1qZ+YdFsLUTRZGv6yeZuE3zRVVqWclq1y8pVPG7+5QqIzJkPpCK/kiSLNkU
G6IacjVpCv51luTQb4hM5s7kH70DpF9ZiHIw9dqM0A/Cc8fs5EwA9jHD2L4Q4IX1
XF5ttLVy4FOCxjhkVzF5TgcpQ5i35HErJpqS+eylIya63MTIO8jzEynL7r6K16Rg
mqDmYLMaReK2Br3mMk4I+FcDmNsrgGV2pBpqn2mvRk9djex8ynm7Tyu1rDnxU9oO
Ec5eO1rWTwYlauAtGsD0rz4Wf+72CL+2EFRvQ8h13Ac2FTncMYemupvAzQxiAfAq
IbV0GTHYEgTRUv5UWmMdaJfhQYxi0aYucih6/JwveTLZf7G9dn4l0l5c33565sk0
0XcdpVeAkgFXqB3Jjio+L7ETc/kQ0KRUs0Oo+gU83Ze8UxmXBqu2v7A2AqS9Umgl
pifHjO3Zwp04LWUh7/xA
=VpKj
-----END PGP SIGNATURE-----