> This is only required for port 11371 and is explicitly covered in > https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Peering > > } HTTP Performance > } [...] > } Beware that for port 11371 traffic, you *must* be able to handle > } requests with _any_ `Host:` header, for the various pools and CNAMEs > } which exist, and you *must* accept requests with no `User-Agent:` > } header set, as at least one major OpenPGP HKP client refuses to set a > } User-Agent field when talking to keyservers. > > This is handled in all of the configuration examples provided. SKS on > its own doesn't look at Host: headers and if you put a proxy in front of > it (as you should because of the single-request-at-a-time implementation > of SKS) then ideally you'll preserve this host-agnostic behaviour on > port 11371 if you wish to be a part of the public pools.
Thanks, Phil, for the clarification. > What hostnames you handle on 80/443 is a different matter. For myself, > I prefer to avoid serving real content on arbitrary hostnames (DNS > rebinding attacks, etc) so always have a catchall dummy default with no Yes, you may right. Probably I also reorganize my Apache configs. Cheers Gabor _______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel