-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Daniel Kahn Gillmor wrote, On 03/23/2009 09:17 PM:
On 03/23/2009 04:02 PM, David Shaw wrote:
On Sun, Mar 22, 2009 at 07:41:50PM -0400, Daniel Kahn Gillmor wrote:
has any thought been
given to requiring members of the keyserver pools to not run that
version of SKS? keys.gnupg.net itself contains several keyservers
running 1.0.10, which misbehave in response to standard gpg searches by
keyid.
None that I know of. Eventually, such a thing will be necessary, but
it would have to be done via whoever controls the particular keyserver
round-robin.
Kristian Fiskerstrand, i believe you're controlling
pool.sks-keyservers.net -- do you have any plans to reject members
running known-buggy versions?
It is correct that I run the keyserver pool, but no, I don't have any
current plans for doing so.. mainly because it hasn't been much of an
issue before..
But I'm always open for suggestions. As for now I already have blacklist
on aliases/ips, but there is an RFE to block certain versions?
Those of you who run keyserver pools: what software do you run to manage
the DNS? Does it have the ability to reject by reported version?
Its a set of PHP and bash scripts updating mine at least, and yes, I
would have the ability to block by version.
For now I created subset.pool.sks-keyservers.net which should include
only keys that are reporting version to be 1.1.0 , so please test this out.
- --
-
Kristian Fiskerstrand
http://www.kfwebs.net
-
Divide et impera
Divide and govern
-
http://www.secure-my-email.com
http://www.secure-my-internet.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.10 (GNU/Linux)
iQIcBAEBCAAGBQJJyP6WAAoJEBbgz41rC5UIs/kP/iBx5LQ1Ck17UA03g5qOjccZ
2yCDfVifa3I2ysb8gcUTCIQh8/k4hGTjRzhB/EEbnBtMad8IrhjjYgHIFeXQmBnb
Hj1ojTe5DD8sBRAO5igu6gxJd1iEyOTWOrt6YuRdq3CunoSx4bXrDGEk9KqwSfAq
iC1arHYXFg4YJtSZKk2JeJJAN7biIAwQftDeZALeJ8RqoHVP9+tLx4/lmuGvH3ts
R0bla0/ULuNlcA3St+7kJZGkqfS69yrZd08JC0WL86iWJdOJIMdJ/zIoLXMnHZu6
+6aTpFhdWakLY7S2UDVhWeIK4fiN7XX/d3FGb9UBX8XWck22ijStK82tGYtzUx1P
PvhNG+rPGzLvJ9KWQLLA/AFjyF1lBlq7Q4gAqhbZnT1g+aiswC3yKaq+tzdhus38
MqZ7uC/hLtxsVstnIQhjSwVBh6xEf7Sgi6E6nPmdjs4Yb3gIHiHRjvpLQOEhCnXQ
uUZegarMZYeZifp/MdvFQo+b6cU4cd3qMSV/1ZslibiHFl0qjk6MzhHCesLF96eK
zR/HAbgtFcG7YKio2OMWRrNzRQiJiFyLmnY4x4C2QhJyCY1kRV8XVBRY8D8/nr3+
6+lcGx9cG3D81a2V5yaljty5DpI9V5fDw9npIkQ3hPPlwzJVJUpdXl+BO+exx76T
gGDaAuyUi/vDGdDX0l1K
=evFD
-END PGP SIGNATURE-
___
Sks-devel mailing list
Sks-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/sks-devel