Well, the idea would be for these “researchers” to play with, and at least have 
something “newish” where I have some ingress point that propagates to some 
others,

> On 17 Jun 2018, at 14:59 , Andrew Gallagher <andr...@andrewg.com> wrote:
> 
> You can’t do it using recon, because any additions to the test server will 
> cause the key delta to diverge and recon will eventually fail.

Do you mean that the recon *needs* a similar from the destination? I don’t 
really care about it failing, it’ll then be a re-spin as you said below, but 
for example, the idea might be to inject problem keys into the test environment, 
and the test environment’s problem keys not to “infest” the current public SKS 
keyservers.

> The easiest way might be a docker image that pulls the latest dump from one 
> of the public dump sources and spins up a fresh SKS instance from it. Then if 
> you want to update the key database, you just redeploy the docker image.


The type of troubles we saw, I read as something that was caused as the updates 
were being recon’d between servers, after the problem keys were already injected, 
thus the idea would be multiple servers to test against, having some ingress 
feeds from the public servers, but no egress to the public side. Might be good 
for others to test their “test certs/keys” against before actual publication??

---
Hendrik Visage



_______________________________________________
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel
