On 4/14/20 15:17, Stefan Claas wrote: > brent s. wrote: > >> On 4/14/20 11:00, Stefan Claas wrote: >>> >>> Why still focusing on a dead project like SKS and not convining the other >>> guys from Mailvelope or Hagrid to add peering capabilities? >>> >> >> You do realize one can do both, right? > > Yes, and I have not seen here from the majority in the past, saying hey lets > try out (and switch) or asked the devs.
We can't switch because the "replacements" lack functionality SKS has. Until there is a complete replacement for SKS, SKS will continue to be operated. I can't speak for the other operators, but I've tried hockeypuck, mailvelope, *and* Hagrid. None satisfy as a replacement. COULD they, in the future? Sure. But none do yet, and as such, saying something like "What benefits do you have as an SKS operator, to still support such old and dangerous GnuPG/SKS client-server model, in 2020?" serves as manipulative, conniving, and naive language. I don't understand why you care what we run on our own hardware, especially given we don't have any complete replacements. > > Regarding SKS, for example, I have not even seen from it's operators to > support modern hockeypuck[1] (development) and giving up old SKS code. > Probably because we're operators and not developers. The SKS code is here, so "giving up" the code is a moot point: https://bitbucket.org/skskeyserver/sks-keyserver/src/default/ Unless, of course, you mean "replace their deployments" - in which case, see above. > Excuse me if I sound like a troll. It is a valid question, because as you > may know public keys on SKS keyservers can be knocked out or not so nice > data can be added to them, thus not protecting users key. That is not how any of the attacks work. At all. A keyserver can be brought down but that doesn't magically put the integrity of the keys at risk to tampering. (If it did, you'd have an issue with GnuPG or PGP, not SKS.) Users' keys are protected just fine. > > In 2020 I would assume If I would be interested to run a community service > I would try to give my best for its users, i.e. trying to protect their > data (publick key blocks) as best as possible. > See above. You have a fundamental misunderstanding of the issues with SKS. -- brent saner https://square-r00t.net/ GPG info: https://square-r00t.net/gpg-info
signature.asc
Description: OpenPGP digital signature
