sks-devel

Re: [Sks-devel] status page


From: Daniel Kahn Gillmor
Subject: Re: [Sks-devel] status page
Date: Fri, 18 Apr 2014 17:24:14 -0400
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Icedove/24.3.0

On 04/18/2014 04:42 PM, Simon Lange wrote:
> "bad ppl" could pretend offering a public service using my machines they
> don't own nor they administer nor they run. my machines would support
> that passively. think this is easy to understand. and also has some legal
> implications. just imagine feds want to seize all machines of some "bad
> ppl" and pinpoint using the IPs they get from running services under
> badppl's domains... not worth the risk while easy to avoid.
> we don't gossip with everyone without "handshaking" first. i keep it that
> way same with the pool. :)

I'm sorry, but this concern is not related to SKS; this is the way the
internet works.

Here's another example, not related to SKS: If you reverse the string
"illuminati" and then append ".org", and put it in your web browser, you
will find yourself instead at the homepage of an organization that
probably does not want themselves to be publicly affiliated with the
illuminati.

The nature of the SKS pool is that different people address it in
different ways.  For example, there are sub-pools that your keyserver
might be part of, and they each have different names.  There are also
other well-known names (like keys.gnupg.net) that themselves are aliased
to the pool.

If you want your SKS instance to work with the various labels and pools
that are available, you will let your SKS instance be addressed by
arbitrary names.

If you don't want your SKS instance to participate in the pool, you
don't need to answer to different names.  That's fine too; but please
don't accuse the pool coordinator (kristian) of setting up these rules
to make trouble for you or any other keyserver operator; rather, he's
trying to make it so that people who rely on any of the pools (directly
or indirectly) will always reach a functioning keyserver.  If you don't
want to be in the pool because you don't want to take the same risk that
every other web site takes, that's OK; you can still sync keys with
members of the pool, but your keyserver won't be queried by people using
the pool.

Hope this helps explain the reason behind this requirement.

        --dkg

Attachment: signature.asc
Description: OpenPGP digital signature

