Hi,

okay, I hope I don't need to explain why this e-mail caused me to remove you, Simon Lange, from my peering list.
It makes me sad to see such childish behavior on a mailing list like this one.

btw, ur english doesnt make u look more kewl. c y?

Best regards,
Tobias Frei

On 19.04.2014 02:21, Simon Lange wrote:
>
> On 18.04.2014 23:16, Phil Pennock wrote:
>> On 2014-04-18 at 20:24 +0200, Simon Lange wrote:
>>> the reason why a reverse proxy is "required" is, because some
>>> require additional "security" at the nodes.
>
>> False.
> ehm. nope. thats is what ive been told when i asked y the reverse proxy. ;)
> but good to know. :=)
>
>>> yesterday i learned i
>>> have to give up control who is using his domain with my services. :/
>
>> False. As long as you can find people who will peer with you, you do
>> not need to be in any pools at all.
>
> thats not the topic. and its rude btw.
>
>
>>> currently for :80 i do accept all for ^(.*)pool.sks-keyservers.net and
>
>> Note that Kristian's pool is considered well-run and is used as the
>> target of CNAMEs by other people. Most notably, `keys.gnupg.net` is a
>> CNAME to `pool.sks-keyservers.net`.
>
>> So if you only whitelist for a pattern which, when unbroken, is:
>
>> ^(?:.+\.)?pool\.sks-keyservers\.net
>
>> then you've broken access by people using the default configuration of
>> GnuPG. Kristian doesn't want those people to experience a broken
>> service, so you don't get listed.
>
> and that is written where exactly? see? thats why i req techdoc?!
> but keys.gnupg.net is already covered too. ;)
>
>
>> Kristian _could_ decide to only support certain CNAMEs, then
>> exhaustively test for all of those working, then going through the
>> song-and-dance of de-listing most sites when he adds one more CNAME.
>> Instead, he just says "to be listed in my pools, then on port 11371, all
>> HTTP requests under `/pks/` should be passed to SKS, no matter what is
>> in the Host: header". This creates less stress, less bureaucracy, less
>> of a culture of having to ask permission for every action.
>
> allowing ALL is not a really good option. i already explained y. and a
> page with techdoc which hostnames should be allowed is not much.
> y using less procedure for pool reg than for gossip? whats the point
> with this? because less bureaucracy? less stress?
> i dont think its much stress and bureaucracy to tell ppl what hostnames
> should be able to use the service.
>
>
>>> domains using our services. its a matter of respect AND security. its an
>>> optin feature not a optout.
>
>> Absolutely: you don't need to be listed in a pool, there is no hard
>> requirement for it.
>
> right and you dont need to learn anything anymore since u know
> everything. oh wait. ;)
> try being less rude and try please to follow arguments.
>
>
>> _I_ won't give away _my_ bandwidth for free to provide others with keys
>> if they're not giving back to the community by being listed in public
>> pools. That's my choice, in not subsidising other peoples' businesses
>> and hobbies from my own pocket more than I already do with my time on
>> open source projects.
>
> that just proved that you didnt understand anything i wrote. this is not
> against good ppl. you dont protect your servers and your environment
> against "good ppl". you protect it against "bad ppl". so hard to
> understand?!
> and exactly THATS WHY i dont allow fqdn like keys.npd.de to use my
> keyserver. i dont support racist or inhuman parties/organizations. if
> you dont care for your community. okay. but for ppl who do care, its a
> maybe a problem to allow those ppl to advertise with services which are
> not run by them.
>
> all others are invited. gimme a short notice and i put them on. thats
> the concept of optin. this is how you configure firewalls too. deny all
> and tell whats allowed. in this case easy to do. thats why i really dont
> understand ur attitude.
>
>
>
>> That's okay. You and I don't have to peer. There is no one right way,
>
> nobody talks about peering. m)
>
>> no authority saying everyone must peer, no right to peering, no
>> expectation that everyone agree.
>
> m)
>
>
>> You can probably find other people who will peer with you.
>
> you dont get it. the topic is NOT peering. m)
>
>
>>> (11371). there is absolutely no reason for a via (which may exposes the
>>> used software)
>
>> You don't need to expose full version, but revealing "Apache/2" provides
>> enough for most debugging. If revealing even that much makes you
>> vulnerable, then you have bigger problems, because more intrusive
>> platform fingerprinting by those of malicious intent will identify your
>> platform anyway.
>
> you are derailing the topic.
>
>
>>> FQDNs to use that specify service. dont allow anyone except fqdn which
>>> did ask before is far more secure. (e.g. i dont want any racist website
>>> to advertise with MY services under THEIR domain, but because i cannot
>>> KNOW all such domains, its better to deny all and allow a few).
>
>> Go ahead, use that policy. Find others who agree, create pool
>> definitions which tightly control which final hostnames can be used.
>
> you repeating urself. try arguments and read.
>
>
>> Kristian has made his pool software freely available for others to use:
>> https://code.google.com/p/sks-keyservers-pool/
>> I have made my own pool software freely available for others to use:
>> https://github.com/philpennock/sks_spider
>
>> You have two platforms available for you to run pools using whatever
>> criteria you like. Go for it. Just don't expect anybody to take you
>> seriously if you try telling us what criteria we are *allowed* to use
>> for our own pools.
>
> you really should learn reading and understanding. btw: "us"? i did
> SUGGEST things. you may reread.
>
>
>
>>> this is not a rant, but maybe sounds rude to some.
>
>> It was a rant. Your claiming otherwise did not make it not a rant and
> it was not. but you didnt understood anyway. who cares at this point of
> your rude mail.
>
>> Thank you for making your keyserver usable by the pools. I may
>> strenuously disagree with your stance and your demands, but as long as
>> you're providing a public service, I'm happy to continue peering with
>> you. If you change your mind about providing a public service which can
>> be freely listed by anyone, please do let me know and I will remove your
>> system from my peering membership list.
>
> bullshit galore. congratz. :D you completely missed the topic the point,
> everything.
>
>
>> -Phil
>
> *PLONK*
>
> --
> ________________________________________________________
> Simon Lange Consulting - Gaudystr. 6 - DE-10437 Berlin
> Phone: +49(0)30/89757206 Mobile: +49(0)151/22640160
> ----------------------------------------http://s-l-c.biz
>
>
> _______________________________________________
> Sks-devel mailing list
> Sks-devel@nongnu.org
> https://lists.nongnu.org/mailman/listinfo/sks-devel
>
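The Host-header disagreement in the quoted thread, as an added example that is not part of the thread or of any participant's configuration: it runs the two patterns quoted above against constructed Host values and compares the pool listing rule with an opt-in allowlist. The STRICT pattern, the function names and the sample hosts are assumptions made for illustration.

```python
import re

# Pattern as typed in the thread for port 80: dots unescaped, no end anchor.
LOOSE = re.compile(r"^(.*)pool.sks-keyservers.net")
# The "unbroken" form quoted in the reply.
FIXED = re.compile(r"^(?:.+\.)?pool\.sks-keyservers\.net")
# Assumption, not from the thread: end-anchored, optional port, case-insensitive.
STRICT = re.compile(r"^(?:.+\.)?pool\.sks-keyservers\.net(?::\d+)?$", re.I)

# Constructed Host header values (hypothetical, for illustration only).
SAMPLE_HOSTS = [
    "pool.sks-keyservers.net",
    "eu.pool.sks-keyservers.net:11371",
    "keys.gnupg.net",  # CNAME to the pool; the client still sends this name
    "notpool.sks-keyservers.net",
    "poolXsks-keyserversXnet.example.org",
    "pool.sks-keyservers.net.example.org",
]


def accepted_by(host):
    """Return the names of the patterns that accept this Host value."""
    patterns = {"loose": LOOSE, "fixed": FIXED, "strict": STRICT}
    return [name for name, rx in patterns.items() if rx.match(host)]


def pool_rule(port, path, host):
    """Listing rule quoted in the thread: on 11371, /pks/ goes to SKS whatever the Host."""
    return port == 11371 and path.startswith("/pks/")


def allowlist_rule(port, path, host, pattern=STRICT):
    """Opt-in policy argued for in the thread: forward only for allowlisted names."""
    return path.startswith("/pks/") and pattern.match(host) is not None


if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        print(f"{h:40} {accepted_by(h)}")
    # Constructed request from a client configured with keys.gnupg.net.
    req = (11371, "/pks/lookup?op=get&search=0xDEADBEEF", "keys.gnupg.net")
    print("pool rule:", pool_rule(*req), "allowlist rule:", allowlist_rule(*req))
```

An HTTP client sends the name it was configured with in Host, not the CNAME target, so an allowlist has to enumerate every alias that points at the server.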