On 2013-06-26 at 14:20 -0400, Daniel Kahn Gillmor wrote:
> kristian, you're doing a much-appreciated job maintaining the SKS pools.
> I was wondering if you'd consider allowing members of the pool(s) to
> register an e-mail address associated with their server, to receive
> notifications when their server gets ejected from the pool.
>
> For example, i'd like to be able to communicate with you (out of band,
> perhaps) and say "my keyserver, zimmermann.mayfirst.org, belongs in the
> ha pool. please have your system send me an alert if it gets removed
> from that pool".
>
> I can poll/scrape https://sks-keyservers.net/status/ of course, but that
> seems like it might be suboptimal -- scraping seems prone to failure,
> and polling seems both laggy and potentially excessive in use of bandwidth.
>
> any thoughts on the best way to encourage notification for operators who
> want to get this sort of thing?

We added "Server contact:" to the stats page, configured by
"server_contact:" in sksconf, which lets folks set the PGP keyid of the
operator, without directly putting email addresses into a scrapeable
page, and Kristian collects that already, showing it as [@] after some
server names.

Perhaps we should add a "pool_policy:" statement, which applies to
everyone running any kind of pool, with a very simple grammar? Space
separated keywords or key=value pairs? Keywords and keys
case-insensitive?

Keyword: skip
Action: takes precedence over any other keyword encountered, do not include in pools

Keyword: hkp-only
Action: do not poll for hkps connectivity, do not try to include in pool; takes precedence over hkpsport.

Key: hkpsport=11373
Action: HKPS service offered, any SRV records should reference this port; if port is not 443, do not include in non-SRV pool definitions.

Key: monitoruid=2
Action: On notifiable event, please send an email to the Nth-oldest (2nd-oldest in example) uid present on the key found via server_contact. Counting includes revoked uids.

That's off the top of my head, for a strawman proposal. Feel free to
point out the many and varied ways in which this proposal sucks.

-Phil
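
The strawman "pool_policy:" grammar from the message above, written out as a parser a pool monitor could apply to the value it scrapes from a server's stats page. This is an added example, not part of the original message and not code from SKS or sks-keyservers.net; the names PoolPolicy, parse_pool_policy and select_monitor_uid are hypothetical, and clearing every other setting when "skip" is present is a literal reading of the proposal.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass
class PoolPolicy:
    include_in_pools: bool = True       # False when "skip" is present
    poll_hkps: bool = True              # False when "hkp-only" is present
    hkps_port: Optional[int] = None     # from hkpsport=
    hkps_in_non_srv_pool: bool = False  # True only when hkps_port is 443
    monitor_uid: Optional[int] = None   # 1-based, counted oldest-first
    ignored: tuple = ()                 # tokens that were not understood

def _bounded_int(text, low, high):
    # ASCII digits only; the value comes from an untrusted remote stats page.
    if re.fullmatch(r"[0-9]{1,5}", text) and low <= int(text) <= high:
        return int(text)
    return None

def parse_pool_policy(value):
    """Parse the text after "pool_policy:" (space-separated tokens)."""
    p, ignored = PoolPolicy(), []
    for token in value.split():
        key, sep, arg = token.partition("=")
        key = key.lower()               # keywords and keys: case-insensitive
        if token.lower() == "skip":
            p.include_in_pools = False
        elif token.lower() == "hkp-only":
            p.poll_hkps = False
        elif sep and key == "hkpsport" and _bounded_int(arg, 1, 65535):
            p.hkps_port = _bounded_int(arg, 1, 65535)
        elif sep and key == "monitoruid" and _bounded_int(arg, 1, 99999):
            p.monitor_uid = _bounded_int(arg, 1, 99999)
        else:
            ignored.append(token)       # never guess at malformed input
    if not p.include_in_pools:
        # "skip" overrides everything else (literal reading of the proposal).
        return PoolPolicy(include_in_pools=False, poll_hkps=False,
                          ignored=tuple(ignored))
    if not p.poll_hkps:
        p.hkps_port = None              # hkp-only takes precedence over hkpsport
    p.hkps_in_non_srv_pool = p.hkps_port == 443
    p.ignored = tuple(ignored)
    return p

def select_monitor_uid(uids_oldest_first, n):
    """Return the Nth-oldest uid; revoked uids count toward N."""
    if n is None or not 1 <= n <= len(uids_oldest_first):
        return None
    return uids_oldest_first[n - 1]
```

The caller passes select_monitor_uid the uids of the server_contact key sorted oldest first with revoked uids left in the list, so that N means the same thing to the operator and to the monitor.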
_______________________________________________
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel