Re: [Sks-devel] Launching a new keyserver on keys.openpgp.org!

2019-06-15 Thread Tom at FlowCrypt
Thanks for the effort. I see keys can be retrieved as follows: https://keys.openpgp.org/vks/v1/by-email/look@my.amazin.horse https://keys.openpgp.org/vks/v1/by-fingerprint/D4AB192964F76A7F8F8A9B357BD18320DEADFA11 Are you also planning to add SKS-compatible endpoints over http? Eg: https://keys.ope

Re: [Sks-devel] "SKS is effectively running as end-of-life software at this point"?

2019-02-07 Thread Tom at FlowCrypt
Robert, No doubt it's risky to implement things that there is no consensus on. But the device I'm writing this on was invented by *not a consensus*, and a consensus to design it would not have emerged on this list nor elsewhere. The risk may be lowered: 1) on behalf of our company I'm excited to

Re: [Sks-devel] withdrawal of service: sks.spodhuis.org

2018-07-14 Thread Tom at FlowCrypt
> Does anyone in the pool run hockeypuck? How compatible is its recon with others running sks-keyserver? Yes, here is one: http://keyserver.snt.utwente.nl (see https://sks-keyservers.net/status/ and http://keyserver.snt.utwente.nl:11371/pks/lookup?op=stats ) However, it was kicked out of the poo

Re: [Sks-devel] heads-up: another attack tool, using SKS as FS

2018-07-14 Thread Tom at FlowCrypt
> How do you propose to validate the email address? I'm using a library to parse the uid as email, name and a comment. For the email, I'm using a very, very long regex. Of the 5M keys available in SKS dumps, very few uids are miscategorized. It may be hard to do with 100% accuracy, but it's unsur

Re: [Sks-devel] heads-up: another attack tool, using SKS as FS

2018-07-13 Thread Tom at FlowCrypt
> Is it possible without facing a user revolt? No. SKS does do key parsing though, and we could surely figure out just how big the photo-id is in bytes. I suggest to impose a limit. Does it really need to be any bigger than 10kB? My suggestion: - impose a 10kB image size limit - max one image pe

Re: [Sks-devel] heads-up: another attack tool, using SKS as FS

2018-07-13 Thread Tom at FlowCrypt
> that would probably be an incomplete mitigation: Sounds better than no solution! > -people can use the photo id field instead Size limit can be enforced. > -people can use valid e-mail addresses under an own domain ("catch-all") As long as it can validate, seems fine to me. Better than no ve

Re: [Sks-devel] withdrawal of service: sks.spodhuis.org

2018-07-13 Thread Tom at FlowCrypt
I would have loved to write an alternative SKS implementation that addresses the issues we were seeing recently. However, this: - Set Reconciliation with Nearly Optimal Communication Complexity - Practical Set Reconciliation

Re: [Sks-devel] disk full, keys.niif.hu crashed

2018-06-16 Thread Tom at FlowCrypt
I should have added, DB_LOG_AUTOREMOVE should probably be a default, too. Whatever makes the servers more likely to survive out in the wild. On Sat, Jun 16, 2018 at 6:34 PM, Tom at FlowCrypt wrote: > I think there should be a default setting on all installations with a > clear max ke

Re: [Sks-devel] disk full, keys.niif.hu crashed

2018-06-16 Thread Tom at FlowCrypt
I think there should be a default setting on all installations with a clear max key size. 8M is a good start, 1M is even better. 1MB is well generous enough for a public key. As a user, I shouldn't need to download megabytes of fluff for every person I want to message. I propose that we set and