
Re: [Sks-devel] keys.gnupg.net anomaly


From: Kiss Gabor (Bitman)
Subject: Re: [Sks-devel] keys.gnupg.net anomaly
Date: Fri, 29 Apr 2016 07:45:07 +0200 (CEST)
User-agent: Alpine 2.02 (DEB 1266 2009-07-14)

> This is only required for port 11371 and is explicitly covered in
>   https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Peering
> 
> } HTTP Performance
> } [...]
> } Beware that for port 11371 traffic, you *must* be able to handle
> } requests with _any_ `Host:` header, for the various pools and CNAMEs
> } which exist, and you *must* accept requests with no `User-Agent:`
> } header set, as at least one major OpenPGP HKP client refuses to set a
> } User-Agent field when talking to keyservers.
> 
> This is handled in all of the configuration examples provided.  SKS on
> its own doesn't look at Host: headers and if you put a proxy in front of
> it (as you should because of the single-request-at-a-time implementation
> of SKS) then ideally you'll preserve this host-agnostic behaviour on
> port 11371 if you wish to be a part of the public pools.

Thanks, Phil, for the clarification.

> What hostnames you handle on 80/443 is a different matter.  For myself,
> I prefer to avoid serving real content on arbitrary hostnames (DNS
> rebinding attacks, etc) so always have a catchall dummy default with no

Yes, you may be right.
I will probably also reorganize my Apache configs.

Cheers

Gabor
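
Added example, not part of the original message or of the SKS project: a small Python check an operator could run against their own front end on port 11371 to confirm that it answers under any `Host:` header and with no `User-Agent:` header, as the quoted Peering text requires. The Host values, the `hkp-probe` agent string and the local stub proxy are constructed for illustration; `/pks/lookup?op=stats` is the SKS statistics page.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample Host values standing in for pool names and CNAMEs.
SAMPLE_HOSTS = ["keys.gnupg.net", "pool.sks-keyservers.net", "keyserver.example.org"]

def probe(addr, port, host, user_agent=None):
    """GET the SKS stats page with an explicit Host and an optional User-Agent."""
    conn = http.client.HTTPConnection(addr, port, timeout=5)
    try:
        # skip_host stops http.client from adding its own Host header;
        # http.client never adds a User-Agent on its own.
        conn.putrequest("GET", "/pks/lookup?op=stats", skip_host=True)
        conn.putheader("Host", host)
        if user_agent is not None:
            conn.putheader("User-Agent", user_agent)
        conn.endheaders()
        resp = conn.getresponse()
        resp.read()
        return resp.status
    finally:
        conn.close()

def check_hkp(addr, port, hosts=SAMPLE_HOSTS):
    """Return (host, user_agent, status) for every probe not answered with 200."""
    failures = []
    for host in hosts:
        for ua in (None, "hkp-probe"):
            status = probe(addr, port, host, ua)
            if status != 200:
                failures.append((host, ua, status))
    return failures

def make_stub(allowed_hosts=None, require_ua=False):
    """Local stand-in for a front-end proxy (hypothetical), bound to a free port."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            bad_host = allowed_hosts is not None and self.headers.get("Host") not in allowed_hosts
            bad_ua = require_ua and not self.headers.get("User-Agent")
            self.send_response(403 if bad_host or bad_ua else 200)
            self.send_header("Content-Length", "0")
            self.end_headers()
        def log_message(self, *args):
            pass  # keep the demo quiet
    srv = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

if __name__ == "__main__":
    strict = make_stub(allowed_hosts={"keyserver.example.org"}, require_ua=True)
    print(check_hkp("127.0.0.1", strict.server_address[1]))
```

An empty list from `check_hkp` means every Host and User-Agent combination was served; point it at your own server's address and port 11371 in place of the stub.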


