Re: [Sks-devel] [GnuPG-users] sks-keyservers.net: Changes to pools / SRV

sks-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] [GnuPG-users] sks-keyservers.net: Changes to pools / SRV

From:	Phil Pennock
Subject:	Re: [Sks-devel] [GnuPG-users] sks-keyservers.net: Changes to pools / SRV Weights
Date:	Sun, 13 May 2012 16:38:01 -0400

On 2012-05-13 at 16:33 -0400, Phil Pennock wrote:
>                                      When I do reclaim the IPv4, I'll
> probably split sks/sks-peer to two different IPv6 addresses and set up
> appropriate packet-filtering on the v6 address, so that peering can
> remain up even in the face of DoS against the service address, provided
> my link doesn't saturate.

Oh, the reason I didn't do this originally was because the keyserver
pool was using the hostname from the peering mesh, so
sks-peer.spodhuis.org was more discoverable.

I'm *very* pleased by Kristian switching the pool to use the sksconf
hostname, which gets folks seeing the advertised service hostname, not
the peering hostname.  If this stays common, and is used for resolving
the IPs for membership, and supplying hostnames for SRV pools (or IPs
for host aliases in the SRV pools), then my original intentions are
feasible.

Whether they're sensible is a matter of opinion.  I think so, but I know
others might regard it as over-engineering.

-Phil

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Sks-devel] [GnuPG-users] sks-keyservers.net: Changes to pools / SRV Weights, (continued)

Prev by Date: Re: [Sks-devel] [GnuPG-users] sks-keyservers.net: Changes to pools / SRV Weights
Next by Date: Re: [Sks-devel] [GnuPG-users] sks-keyservers.net: Changes to pools / SRV Weights
Previous by thread: Re: [Sks-devel] [GnuPG-users] sks-keyservers.net: Changes to pools / SRV Weights
Next by thread: Re: [Sks-devel] [GnuPG-users] sks-keyservers.net: Changes to pools / SRV Weights
Index(es):
- Date
- Thread