
Re: [Sks-devel] [GnuPG-users] sks-keyservers.net: Changes to pools / SRV


From: Jeffrey Johnson
Subject: Re: [Sks-devel] [GnuPG-users] sks-keyservers.net: Changes to pools / SRV Weights
Date: Sun, 13 May 2012 09:29:02 -0400

On May 13, 2012, at 9:05 AM, Kristian Fiskerstrand wrote:

> 
> So more reverse-proxy enabled servers* would be a good thing for the
> pool.
> 

As usual, I find myself with a minority/contrarian and likely controversial 
opinion:

        Are reverse proxy servers really a good thing?

There's a complexity cost in running servers with a reverse proxy.

And the DoS (and other issues) fixed by interposing a reverse proxy
are masking fundamental design flaws in the SKS server itself:
        1) lack of threading
        2) unavailable for long periods when "bulk transport" rather
        than gossip is in effect or (the DoS) when a connection is deliberately
        maliciously delayed.

Putting a band-aid on an issue isn't the best engineering, nor is a reverse proxy
necessarily the "best" engineering solution. Even if adding a reverse proxy
is relatively simple, it isn't necessarily the only solution, just what "works".

> * (as an aside, I've added apache2 to the test now, in addition to nginx)
> 

My apache2 reverse proxy thanks you for the SRV weight boost ;-)

More seriously: adding a bias through an attribute like
        Uses reverse proxy?
might be useful considering the recent implementation/adoption.
As time moves on, there are surely other attributes of interest. Consider
        Has IPv6?
after a few more IPv6 days for example.

73 de Jeff



