On 04/18/2014 04:42 PM, Simon Lange wrote: > "bad ppl" could pretend offering a public service using my machines they > dont own nor they administre nor they run. my machines would support > that passivly. think this is easy to understand. and also has some legal > implications. just imagine feds want to seize all machines of some "bad > ppl"and pinpoint using the IPs the get from running services under > badppl's domains... not worth the risk while easy to avoid. > we dont gossip with everyone without "handshaking" first. i keep it that > way same with the pool. :)
I'm sorry, but this concern is not related to SKS; this is the way the internet works. Here's another example, not related to SKS: If you reverse the string "illuminati" and then append ".org", and put it in your web browser, you will find yourself instead at the homepage of an organization that probably does not want themselves to be publicly affiliated with the illuminati. The nature of the SKS pool is that different people address it in different ways. for example, there are sub-pools that your keyserver might be part of, and they each have different names. There are also other well-known names (like keys.gnupg.net) that themselves are aliased to the pool. If you want your SKS instance to work with the various labels and pools that are available, you will let your SKS instance be addressed by arbitrary names. If you don't want your SKS instance to participate in the pool, you don't need to answer to different names. that's fine too; but please don't accuse the pool coordinator (kristian) of setting up these rules to make trouble for you or any other keyserver operator; rather, he's trying to make it so that people who rely on any of the pools (directly or indirectly) will always reach a functioning keyserver. If you don't want to be in the pool because you don't want to take the same risk that every other web site takes, that's OK; you can still sync keys with members of the pool, but your keyserver won't be queried by people using the pool. hope this helps explain the reason behind this requirement. --dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel