(adding sks-devel to this thread since it discussies changing the minimum bar for the pool)
On Wed 2017-09-06 23:46:59 +0200, Kristian Fiskerstrand wrote: > On 09/06/2017 11:33 PM, Werner Koch wrote: > >> including all of the RSA and DSA subkeys. But not the original >> requested ed25519 key. It seems SKS 1.1.5 partly supports ed25519 keys >> but for example does not return them. > > No, 1.1.5 supports RFC6637 but not the ed25519/curve25519 variants > >> Hopefully the remaining SKS 1.1.5 installations will soon update to >> 1.1.6 which does not have this problem. > > hkp://subset.pool.sks-keyservers.net requires SKS 1.1.6, I've been > pondering requiring the main pool to use this , which can be discussed > if we want to push ed25510/curve25519 SKS 1.1.6 was released over 1 year ago (on 2016-08-07). It is well tested and widely deployed. looking at https://sks-keyservers.net/status/ -- i'd say we can afford to move to SKS 1.1.6 for the main pool. We will (temporarily) go from 116 members of the main pool to 85 -- a loss of about 25%. But we also provide an incentive for those members to upgrade to 1.1.6, so i expect we'll make some of that back. We only lose 3 members from the hkps pool, and 2 members from the onionbalance, so i'd recommend making it a minimum there too. About feasibility of upgrades: version-wise, people tend to treat debian as the "old, out of date distro", and for debian: * Debian stable (stretch) has SKS 1.1.6. * people running debian oldstable (jessie) can install 1.1.6 from jessie-backports. People running keyservers on ubuntu LTS will need to find a PPA or some other alternative (xenial offers only 1.1.5 in universe), but so it goes :/ (I note that a previous attempt to get a backport into an ubuntu LTS appears to have gone unresolved: https://bugs.launchpad.net/trusty-backports/+bug/1435397 -- but perhaps micahg can be convinced to update his ppa in a similar way at least) I recommend requiring at least SKS 1.1.6 for membership in all the pools. --dkg
signature.asc
Description: PGP signature
_______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel