sks-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: shutdown of pgpkeys.co.uk and pgpkeys.uk

From: Jeremy T. Bouse
Subject: Re: shutdown of pgpkeys.co.uk and pgpkeys.uk
Date: Tue, 22 Jun 2021 18:11:05 -0400
Actually my research into Hagrid appears to indicate that it performs the functions of HKP and WKS/WKD. The lack of ability to syncrohnize

On Tue, Jun 22, 2021 at 3:52 PM Andrew Gallagher <andrewg@andrewg.com> wrote:
On 22/06/2021 19:28, Kiss Gabor (Bitman) wrote:
> On Tue, 22 Jun 2021, Todd Fleisher wrote:
>
>> This service is deprecated. This means it is no longer maintained, and
new HKPS certificates will not be issued. Service reliability should not be expected.
>>
>> Update 2021-06-21: Due to even more GDPR takedown requests, the DNS records for the pool will no longer be provided at all.
>
> Do we establish an other pool with the remaining cca 30 hardcore server?
> Same members, same data, same software. New domain.

I think the idea of a self-organising pool has fundamental flaws. A
service that arbitrarily redirects your request to a desktop in some
random bedroom (or worse!) is not tenable IMO. I would much prefer if
individual operators were responsible for maintaining the availability
of their own service, and users chose between them based on their own
preference.

Also, any pool running SKS (the software) would suffer from all the same
reliability and compliance issues that led to the old one being shut
down. I believe we should declare both the SKS codebase and the pool (as
a concept) dead at this point.

Currently there seem to be three options for SKS operators who wish to
keep running:

Hockeypuck is maintained and in use by a group of about a dozen nodes
that have been synchronising with the SKS network for some time. It is
more reliable than SKS, and has blacklisting configuration parameters
that allow for easier compliance with GDPR. It does not yet solve all
known abuse and privacy issues, so remains a work in progress.

Hagrid is mature and reliable, but a) it does not synchronise with
anything, and b) it does not serve third-party signatures.

The last option is WKS/WKD, which favours a corporate environment. The
tooling and UX on the publication side is immature, but for key lookup,
on sufficiently modern clients, it Just Works. The disadvantages are a)
it only serves keys whose emails are in its own domain, and b) it does
not synchronise with anything by default (but this can be scripted).

I believe a mixture of WKS and synchronising keyservers will be required
for the foreseeable future. I would encourage SKS operators to migrate
to Hockeypuck and help contribute to its development, so that we can
start to address some of the design issues in recon, without having to
worry any more about backwards compatibility with SKS. :-)

--
Andrew Gallagher

reply via email to
[Prev in Thread] Current Thread [Next in Thread]