
Re: [Sks-devel] SKS apocalypse mitigation


From: Phil Pennock
Subject: Re: [Sks-devel] SKS apocalypse mitigation
Date: Sat, 5 May 2018 03:48:16 -0400

On 2018-05-04 at 17:13 +0100, Andrew Gallagher wrote:
> AFAICT, the limitation that SKS servers should only recon with known
> peers was introduced as a measure against abuse. But it's a pretty
> flimsy anti-abuse system considering that anyone can submit or search
> for anything over the HKP interface without restriction.
> 
> I think all SKS servers should attempt to recon with as many other
> servers as they can find.

The SKS reconciliation algorithm scales with the count of the
differences in key-counts.  If you peer with someone with no keys
loaded, it will render your server nearly inoperable.

We've seen this failure mode before.  Repeatedly.  It's part of why I
wrote the initial Peering wiki document.  It's why I walked people
through showing how many keys they have loaded, and is why peering is so
much easier these days: most people who post to sks-devel follow the
guidance and take the hints, and get things sorted out before they post.

This is why we only peer with people we whitelist, and why most people
look for as much demonstration of Clue as they can get before peering,
and it's a large part of why we do see de-peering when actions
demonstrate a lack of trustworthiness.

-Phil
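
Added example, not part of the message above and not SKS code: a simplified prefix-tree set comparison, used here as a stand-in for SKS's actual reconciliation algorithm, showing how sync cost follows the number of differing keys rather than the size of the database. All names (`key_hash`, `summary`, `split`, `reconcile`, `compare_peers`) and the key data are constructed for illustration.

```python
import hashlib

def key_hash(i):
    # Constructed stand-in for the hash of one stored key.
    return hashlib.sha256(f"constructed-key-{i}".encode()).digest()

def summary(bucket):
    # Order-independent bucket summary: XOR of member hashes plus the count.
    acc = 0
    for h in bucket:
        acc ^= int.from_bytes(h, "big")
    return acc, len(bucket)

def split(bucket, depth):
    # Partition a bucket into 16 children by the hash nibble at this depth.
    children = [set() for _ in range(16)]
    for h in bucket:
        byte = h[depth // 2]
        children[byte >> 4 if depth % 2 == 0 else byte & 0x0F].add(h)
    return children

def reconcile(a, b, depth=0, leaf=8):
    """Return (summaries_exchanged, keys_transferred) needed to sync a and b."""
    if summary(a) == summary(b):
        return 1, 0                    # buckets agree: one exchange, no data
    if max(len(a), len(b)) <= leaf or depth >= 63:
        return 1, len(a ^ b)           # small bucket: ship the difference
    msgs, moved = 1, 0
    for sub_a, sub_b in zip(split(a, depth), split(b, depth)):
        m, t = reconcile(sub_a, sub_b, depth + 1, leaf)
        msgs, moved = msgs + m, moved + t
    return msgs, moved

def compare_peers(n_keys=20000, n_missing=5):
    # Our server holds n_keys; one peer lacks a few keys, the other is empty.
    ours = {key_hash(i) for i in range(n_keys)}
    synced_peer = ours - {key_hash(i) for i in range(n_missing)}
    return {
        "identical": reconcile(ours, set(ours)),
        "nearly_synced": reconcile(ours, synced_peer),
        "empty": reconcile(ours, set()),
    }

if __name__ == "__main__":
    for peer, (msgs, moved) in compare_peers().items():
        print(f"{peer:14} summaries={msgs:6} keys_transferred={moved}")
```

The empty peer forces a walk of the whole tree and a transfer of every key, while the nearly synced peer touches only the few branches that differ.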


