Re: [Sks-devel] [GnuPG-users] sks-keyservers.net: Changes to pools / SRV

sks-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] [GnuPG-users] sks-keyservers.net: Changes to pools / SRV

From:	Kristian Fiskerstrand
Subject:	Re: [Sks-devel] [GnuPG-users] sks-keyservers.net: Changes to pools / SRV Weights
Date:	Sun, 13 May 2012 16:32:56 +0200
User-agent:	Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20120312 Thunderbird/11.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 2012-05-13 16:26, Gabor Kiss wrote:
>> Easiest way around it is using a properly defined membership file
>> that reference the hostname found in the sksconf. This is one of
>> the reasons I've provided a reference membership file[1].
> 
> It seems to be easy like replacing all domain names by IP addresses
> in configuration files but principally not correct.
> 
> In this case keyserver.uz.sns.it is a symbolic name pointing to the
> actual host doing the job.
> 
> If Giovanni wants to move the service from soyuz.uz.sns.it to
> apollo.uz.sns.it, he can do it transparently just changing the
> CNAME record in DNS. None of his peer partners should modify their
> membership file because these contain the alias keyserver.uz.sns.it
> as Giovanni asked.
> 
> This is why CNAME is invented for. You should not work against the
> world. :-)


I'd turn it the other way around. The hostname in sksconf is a
principal identifier of the server, no matter which alias is used to
access it, so the only one that can be used without getting duplicates
in the pool.

The hostname in sksconf should reflect the primary DNS names it is
accessible on. It doesn't necessarily have to correspond to the *nix
hostname SKS actually reside on at any given time. So I don't see this
being a problem. Sorry :)

That said, feel free to write a patch that implement alias tables and
I'll take it into consideration :)

- -- 
- ----------------------------
Kristian Fiskerstrand
http://www.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Corruptissima re publica plurimæ leges
The greater the degeneration of the republic, the more of its laws
- ----------------------------
This email was digitally signed using the OpenPGP
standard. If you want to read more about this
The book: Sending Emails - The Safe Way: An
introduction to OpenPGP security is now
available in both Amazon Kindle and Paperback
format at
http://www.amazon.com/dp/B006RSG1S4/
- ----------------------------
Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJPr8YYAAoJEBbgz41rC5UIKFwQAJle+cQVTJcgxJ7qwxbhYAtr
v96+BR0fsOtrPw52e9Z8XTL4zUIjcVG1/dKMvODSiVzKifadn3TbGg9n508+g6Am
j21J6yze2oZ77m4gjcYJgOpFILaABK3+hiq+RM+jMl4RieajqMy6fNamtwJUvHGF
0fDeYISwgpx1tWTNRONvtqGtjoobyZeiu6hQ639Z9M3BPpR2JuwSOCok03HUe7Tl
92DWNL6QE2JhaPjW7pl3nUv4HaeC6wxbDj1vf+ylqwN9THBdH1KJ8xDZtZCE5dKV
8lCdwVxDC83ML0X2VRIFuOBvyJpODAI96myAN2FZ7nGVpke0LaiQpgYdH41/H00d
QRs7NKJ1ldqWNBLH6xKluBU2vZ9MdEqLMWx67+bN9/fekkE11UqzihqCO35PjVA2
X+QRJ0PMBZCQyjgBd0MTKJ0QFLqPtS6WoEb7hC0hGBVhLiHNH8DP4ieZsFxA73kD
GWo49QdP7LHjW356pm/rMTMvBi03B82yZQxI88sBxYtNFGF2YQKHsQSJJdyI2vOQ
axlarZ7t7swRuqeJwkmYhVlDPfmGyasLXPgc7D0MGKdq0UtnZibwcvyUs+zWse3l
D96QMNXu/62BceHYEXQ3CrjEwwOHm1/msdUDFuh2OlmnodPje6S7P6P5vYh8Pj9U
Uu7lxKRAkqm+SzDxnjnY
=CfoI
-----END PGP SIGNATURE-----

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Sks-devel] [GnuPG-users] sks-keyservers.net: Changes to pools / SRV Weights, (continued)

Prev by Date: Re: [Sks-devel] [GnuPG-users] sks-keyservers.net: Changes to pools / SRV Weights
Next by Date: Re: [Sks-devel] sks-keyservers.net: Calculation of SRV weights
Previous by thread: Re: [Sks-devel] [GnuPG-users] sks-keyservers.net: Changes to pools / SRV Weights
Next by thread: Re: [Sks-devel] [GnuPG-users] sks-keyservers.net: Changes to pools / SRV Weights
Index(es):
- Date
- Thread