[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] Proposal: Start verifying self-signatures
|
From: |
Robert J. Hansen |
|
Subject: |
Re: [Sks-devel] Proposal: Start verifying self-signatures |
|
Date: |
Tue, 19 May 2015 16:50:37 -0400 |
|
User-agent: |
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0 |
> Even if we did have a better understanding of the filter code, the
> difficulty with phasing in filters like this (as you've noticed in
> your description) is that either the whole pool opts in, or the
> filter doesn't work. Peers with different filtersets cannot gossip
> with each other, aiui.
This is my understanding as well, and if I recall some past
conversations with John Clizbe correctly, he shares in this. However,
before we bet the farm I think we should see what Yaron thinks -- maybe
he has an idea for a next-generation SKS that would permit this. I
don't know how it would be done, but then again, I'm not Yaron. :)
> So if we're going to introduce new filters, we are going to cause a
> major disruption with the existing SKS network. While such a
> disruption may be warranted, it is probably not something we want to
> do twice, so we should roll all the desired filter changes into one
> massive disruption.
Something seems to be handwaved here. This seems to be about the same
level of effort as moving the keyserver to an entirely new protocol.
(In effect, it would be.) So perhaps we should first ask, "can we do
better than SKS?"
If we're going to go down this route I think we should start by looking
at academic research and seeing if there's some new idea that could
possibly be used to resolve some of SKS's problems.
I completely agree that we only want to do this once. For that reason,
I think it would be prudent to give serious thought to whether there was
something better than SKS to switch over to.
My impression is there is not, but I haven't done an in-depth search,
either.
> So the questions i have for a proposal like this:
I think limiting this discussion to just filters is a little premature.
If we decide that SKS is the best thing going and we need to keep it,
then yes, some sort of filter set seems appropriate. But see above
regarding keeping our eyes open to other options.
smime.p7s
Description: S/MIME Cryptographic Signature
- Re: [Sks-devel] Proposal: Start verifying self-signatures, (continued)
- Re: [Sks-devel] Proposal: Start verifying self-signatures, Johan van Selst, 2015/05/18
- Re: [Sks-devel] Proposal: Start verifying self-signatures, Robert J. Hansen, 2015/05/18
- Re: [Sks-devel] Proposal: Start verifying self-signatures, Daniel Roesler, 2015/05/18
- Re: [Sks-devel] Proposal: Start verifying self-signatures, Robert J. Hansen, 2015/05/18
- Re: [Sks-devel] Proposal: Start verifying self-signatures, address@hidden, 2015/05/19
- Re: [Sks-devel] Proposal: Start verifying self-signatures, Gabor Kiss, 2015/05/19
- Re: [Sks-devel] Proposal: Start verifying self-signatures, address@hidden, 2015/05/19
- Re: [Sks-devel] Proposal: Start verifying self-signatures, Arnold, 2015/05/19
- Re: [Sks-devel] Proposal: Start verifying self-signatures, Daniel Roesler, 2015/05/19
- Re: [Sks-devel] Proposal: Start verifying self-signatures, Daniel Kahn Gillmor, 2015/05/19
- Re: [Sks-devel] Proposal: Start verifying self-signatures,
Robert J. Hansen <=
- Re: [Sks-devel] Proposal: Start verifying self-signatures, Yaron Minsky, 2015/05/19
- Re: [Sks-devel] Proposal: Start verifying self-signatures, Daniel Kahn Gillmor, 2015/05/21
- Re: [Sks-devel] Key subsets (was: Proposal: Start verifying self-signatures), Arnold, 2015/05/21
- Re: [Sks-devel] Key subsets (was: Proposal: Start verifying self-signatures), Yaron Minsky, 2015/05/21
- Re: [Sks-devel] Key subsets, Arnold, 2015/05/21
- Re: [Sks-devel] Proposal: Start verifying self-signatures, Brian Minton, 2015/05/19
- Re: [Sks-devel] Proposal: Start verifying self-signatures, Johan van Selst, 2015/05/20
- Re: [Sks-devel] Proposal: Start verifying self-signatures, Robert J. Hansen, 2015/05/19
- Re: [Sks-devel] Proposal: Start verifying self-signatures, Johan van Selst, 2015/05/19
- Re: [Sks-devel] Proposal: Start verifying self-signatures, Mike Forbes, 2015/05/18