-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2012-05-13 22:38, Phil Pennock wrote: > On 2012-05-13 at 16:33 -0400, Phil Pennock wrote: >> When I do reclaim the IPv4, I'll probably split sks/sks-peer to >> two different IPv6 addresses and set up appropriate >> packet-filtering on the v6 address, so that peering can remain up >> even in the face of DoS against the service address, provided my >> link doesn't saturate. > > Oh, the reason I didn't do this originally was because the > keyserver pool was using the hostname from the peering mesh, so > sks-peer.spodhuis.org was more discoverable. > > I'm *very* pleased by Kristian switching the pool to use the > sksconf hostname, which gets folks seeing the advertised service > hostname, not the peering hostname. If this stays common, and is > used for resolving the IPs for membership, and supplying hostnames > for SRV pools (or IPs for host aliases in the SRV pools), then my > original intentions are feasible. >
I do, indeed, intend to keep this practice, as, the way I see it, it is the most sensible way to keep the pool clean. Please note, that your original setup of separating between sks and sks-peer will mean that the cross-peering information on the meta page will not show properly connected peers. It will also influence the Reference Membership file. But as I've said before, this is mostly for convencience of the server operators, and not used at all for the actual core operations of the pool - the reference membership file was a request after a failed server where no backup was performed :) (but it is nice for debugging) > Whether they're sensible is a matter of opinion. I think so, but I > know others might regard it as over-engineering. For me, operating the pool, it certainly makes things easier, rather than being over-engineering. - -- - ---------------------------- Kristian Fiskerstrand http://www.sumptuouscapital.com Twitter: @krifisk - ---------------------------- Corruptissima re publica plurimæ leges The greater the degeneration of the republic, the more of its laws - ---------------------------- This email was digitally signed using the OpenPGP standard. If you want to read more about this The book: Sending Emails - The Safe Way: An introduction to OpenPGP security is now available in both Amazon Kindle and Paperback format at http://www.amazon.com/dp/B006RSG1S4/ - ---------------------------- Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCAAGBQJPsB+TAAoJEBbgz41rC5UIo0kP/3uOwAR7Z+eQieGqeWkRxWAy IemTMd40PbBiF9ppjKRMSSKBUoHt99niBw0VVEiaK/LvZaaFr3p0giGsntjDHY9C FTQh7s9u3UraG8IfK1Bt3r+mN7WgUMSeubkh0/nJ9BZZnz5sljKU6ra+00aUnX1V LZvJmvRJfhoZIKgNVuzlDer/CsAfeCBzbC29PC4NDT6a0HDla8tPPtXrmOri24Ct zGgReHOPvnFHkx2DiZLpLiYaDpI9fbQKQyo+IZ4HhdPTKeaTx1yMNVYSzsIwsKdm dGumQekFAf/+5MjU07JHATBclpGzDHAV/LPhEVa4/F9yF/ghldjoEUwNg26WTjrC CpggLwL6KxUgLbb9nJr2YjAt2YKmDoJ4b3SGlEqSk/cAIoRHgYwV6Em2TFUYE6gp b2VCwA33sDm3CZOYiKwV15Ejkwth1cRMDknIXmYJqANjtEpALwwnm4LMllEsC6R5 jlepHLE535S0txrw9VDlyPm9XMKiN9nCNPT9yzFWmMx0pg8PJGvn43ioQd4AuAq8 9acCsTeAps8u+65aDEQ84NeOvLbv6Qdclmj4OoiMM50SjELoTdvvDpG8Qd96yst5 9xmiPf5ykPP09L8zBfwChbrvX46vYClrgHpkQ0of1uCTf2Kjf1mYx+GDpzuCbsYR rqy3QXv9Y2JFWCS0S9B6 =BD2n -----END PGP SIGNATURE----- _______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel