[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] Launching a new keyserver on keys.openpgp.org!
|
From: |
Andrew Gallagher |
|
Subject: |
Re: [Sks-devel] Launching a new keyserver on keys.openpgp.org! |
|
Date: |
Wed, 19 Jun 2019 11:21:16 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.7.1 |
On 19/06/2019 09:42, William Hay wrote:
> Thus spake Valentin Sundermann:
>> I think the best way forward would be to implement SKS Recon, this way
>> the SKS instances would not fall behind the hagrid ones (what's good for
>> the general network I guess).
>>
>> I'd suggest to provide an in/out sync interface where something like an
>> "sks recon adapter" could be plugged in. Such an adapter would strip
>> away all identity information in- and outwards.
>
> That doesn't seem likely to work. AIUI the sks recon protocol doesn't just
> ensure that all members of the network have a copy of every key but
> that they have the same version of each key. If the recon adapter
> only deals in stripped keys then the reconciliation could never finally
> succede
This is correct. To support SKS recon between servers that support a
different subset of key material would require a full implementation of
fake-recon as discussed in the mega-thread here:
http://nongnu.13855.n7.nabble.com/SKS-apocalypse-mitigation-td228252.html
tl;dr: you probably have better things to do with your life. :-)
--
Andrew Gallagher
signature.asc
Description: OpenPGP digital signature