-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Daniel Kahn Gillmor wrote, On 03/23/2009 09:17 PM: > On 03/23/2009 04:02 PM, David Shaw wrote: >> On Sun, Mar 22, 2009 at 07:41:50PM -0400, Daniel Kahn Gillmor wrote: >>> has any thought been >>> given to requiring members of the keyserver pools to not run that >>> version of SKS? keys.gnupg.net itself contains several keyservers >>> running 1.0.10, which misbehave in response to standard gpg searches by >>> keyid. >> None that I know of. Eventually, such a thing will be necessary, but >> it would have to be done via whoever controls the particular keyserver >> round-robin. > > Kristian Fiskerstrand, i believe you're controlling > pool.sks-keyservers.net -- do you have any plans to reject members > running known-buggy versions?
It is correct that I run the keyserver pool, but no, I don't have any current plans for doing so.. mainly because it hasn't been much of an issue before.. But I'm always open for suggestions. As for now I already have blacklist on aliases/ips, but there is an RFE to block certain versions? > Those of you who run keyserver pools: what software do you run to manage > the DNS? Does it have the ability to reject by reported version? Its a set of PHP and bash scripts updating mine at least, and yes, I would have the ability to block by version. For now I created subset.pool.sks-keyservers.net which should include only keys that are reporting version to be 1.1.0 , so please test this out. - -- - ---------------------------- Kristian Fiskerstrand http://www.kfwebs.net - ---------------------------- Divide et impera Divide and govern - ---------------------------- http://www.secure-my-email.com http://www.secure-my-internet.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.10 (GNU/Linux) iQIcBAEBCAAGBQJJyP6WAAoJEBbgz41rC5UIs/kP/iBx5LQ1Ck17UA03g5qOjccZ 2yCDfVifa3I2ysb8gcUTCIQh8/k4hGTjRzhB/EEbnBtMad8IrhjjYgHIFeXQmBnb Hj1ojTe5DD8sBRAO5igu6gxJd1iEyOTWOrt6YuRdq3CunoSx4bXrDGEk9KqwSfAq iC1arHYXFg4YJtSZKk2JeJJAN7biIAwQftDeZALeJ8RqoHVP9+tLx4/lmuGvH3ts R0bla0/ULuNlcA3St+7kJZGkqfS69yrZd08JC0WL86iWJdOJIMdJ/zIoLXMnHZu6 +6aTpFhdWakLY7S2UDVhWeIK4fiN7XX/d3FGb9UBX8XWck22ijStK82tGYtzUx1P PvhNG+rPGzLvJ9KWQLLA/AFjyF1lBlq7Q4gAqhbZnT1g+aiswC3yKaq+tzdhus38 MqZ7uC/hLtxsVstnIQhjSwVBh6xEf7Sgi6E6nPmdjs4Yb3gIHiHRjvpLQOEhCnXQ uUZegarMZYeZifp/MdvFQo+b6cU4cd3qMSV/1ZslibiHFl0qjk6MzhHCesLF96eK zR/HAbgtFcG7YKio2OMWRrNzRQiJiFyLmnY4x4C2QhJyCY1kRV8XVBRY8D8/nr3+ 6+lcGx9cG3D81a2V5yaljty5DpI9V5fDw9npIkQ3hPPlwzJVJUpdXl+BO+exx76T gGDaAuyUi/vDGdDX0l1K =evFD -----END PGP SIGNATURE----- _______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/sks-devel