-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 28.04.2012 16:02, Jeffrey Johnson wrote: >
Hi Jeffrey, >> FYI I've committed some changes to sks-keyservers.net in order to >> use the reported Hostname of the SKS keyserver rather than the >> hostname listed in any given peer list. One of the reasons for >> this is the magnitude of aliases in use resulting in multiple >> occurrences in the pool list. >> > > Your remarks resemble my key servers. Can't be helped, sorry. > Aliases isn't necessarily a problem, at least, after the switch to using the reported Hostname of the SKS server. If there is enough need, I might consider creating a proper alias table, but I'd prefer not to have to :) >> Anyhow, since this change, your SKS server will be out of the >> pool until a proper FQDN (OK, technically not as there isn't a >> trailing dot) hostname is set in the sksconf file. This is >> currently set to "services" according to [1, 2], where by i'd >> expect it to read "keyserver.uberslacks.com" >> > > Can you state the requirements for a "proper FQDN" name in the > context of pool inclusion precisely? In this scenario, any full hostname that is internet accessible. For the case at hand; specifying "keyserver.uberslacks.com" rather than "services" in sksconf [1] would be sufficient. > > Just asking for information on current implementation state: > Aliasing is a very hard problem to solve, particularly when IPv4 > <-> IPv6 aliasing is also involved. > Indeed, but as long as there are enough servers in the pool to function properly, it shouldn't cause too much trouble. Preferably SKS operators stick to using the primary hostname of the server for its membership file, but this should only affect the cross-peering check in the status page. As long as the server is accessible using the alias, it will now only read the Hostname from the status page and use that for the listing. Could you elaborate a bit on the IPv4 <-> IPv6 part? I fail to see why this should add too much extra complexity (for the server operators at least). Speaking based on my own keyservers, the DNS entries simply lists; ## keys.kfwebs.net: IPv4 && IPv6 ## keys.kfwebs.net. 49497 IN A 213.161.224.2 keys.kfwebs.net. 49497 IN AAAA 2001:16d8:ee30::4 ## keys2.kfwebs.net: IPv4 && IPv6 ## keys2.kfwebs.net. 32283 IN A 84.215.6.5 keys2.kfwebs.net. 22683 IN AAAA 2001:16d8:ee3d:ee30:215:5dff:fe00:120d ## keys3.kfwebs.net: IPv6 only ## keys3.kfwebs.net. 22672 IN AAAA 2001:16d8:ee3d:ee30:215:5dff:fe00:1203 [1] http://keyserver.uberslacks.com:11371/pks/lookup?op=stats - -- - ---------------------------- Kristian Fiskerstrand http://www.sumptuouscapital.com Twitter: @krifisk - ---------------------------- Corruptissima re publica plurimæ leges The greater the degeneration of the republic, the more of its laws - ---------------------------- This email was digitally signed using the OpenPGP standard. If you want to read more about this The book: Sending Emails - The Safe Way: An introduction to OpenPGP security is now available in both Amazon Kindle and Paperback format at http://www.amazon.com/dp/B006RSG1S4/ - ---------------------------- Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCAAGBQJPm/umAAoJEBbgz41rC5UI/bwP/0KNBH7pkx4mGQORqpe5m8EG Kdwzl6el5MPaAcuaFIstLk1JQrAv7RjE/JaQwIo6ftt47GTdFhDcn8f2APDe6bAx 3/T3V1zTbnXLcMU1OlLCjRj/G9gUQYu/mpJ1nS7BAqMz8Vzfl3iftwcsx7AK0AEs wFfHKNiNjGKkH3KaWu7X8GW51yHdGBjYmcgZbiNuKrzDDF6eCSic4jwj0VmQU3TW GyyI8vcE+JxNCQuSlhmiXzYd9HXWCXUqyHryzzAusvLGyjN1F8Sl0ffCmhdNZ1za OW59JSW0fahXvbet6hf5s0DequJLMuNUEOZvEazyZ76TK4DXVSCcfXSsM5ezdL7a WOy1XwlFs5iCqLmLIy5G57Jla+sGs1RYLth+CT+EBE/ehHCcZ/BanpDFNH/SrdRC aEwP4uxqAtMMIH9BJz0uMrppz/BcAhiyXLfRle2g1PBJm+aVfA2D6YeLS0/8HHdH 16N//+TxHBg7gFfXVr+tV8w6lBO4W7/fjEeUPE9y1Rz9GuRx3MQPC3LPdy4TYWIw sBwicYPdGhlfbgcInRB71h2eMQ683Umhf8vKy3ykc+s0IDYZrn+Uyx1dx0bQdcnw v6bbRTArT/vBNNqPwPjTgwDFAw4p1Q73XI3pD2GsjRDifSYRz2YUpdNmaTbeW3zH Tru37cWxC4psx4kW6ItN =ISRH -----END PGP SIGNATURE----- _______________________________________________ Sks-devel mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/sks-devel
