How much load are keyservers willing to handle?

adrelanos adrelanos at riseup.net
Thu Dec 19 04:42:39 CET 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Robert J. Hansen:
>> I am planning to write a script which will refresh the apt
>> signing key before updating using "apt-get update".
> 
> The question I have is, "What problem are you trying to solve?"

What if the apt signing key gets compromised? What is the
mechanism for invalidating the clients' keys so they can't fetch
malicious files from any mirrors?

> I am certain that Debian Security already has a protocol in place
> for how to handle compromised certificates.

Certainty is what sometimes makes the world an unsafe place. I would
have supposed that this is the case as well, but after verifying such
suppositions I was often quite surprised.

> Is this protocol flawed or lacking?

It is non-existent. See my original question [1]; also, in my
current discussion [2], someone would have stepped in and said "we
already have this". Since this didn't happen, and since I also looked
through apt's sources, I am certain this thing doesn't exist. Can't
prove it though, Russell's teapot you know. ;)

> What problem does it not address which this idea will solve?

When there is reason to believe the apt signing key has been
compromised, the revocation certificate can be spread through a
channel other than apt updates (which are compromised).

> The next question is, "Why is it important the certificate be
> retrieved from the keyserver network?"

It's not important. I didn't mean to say that. It's just simpler to
code (for me, in the draft in my head). And if they don't mind, I'll
go the easy way, if they mind, I'll come up with another solution.

> When talking about the global apt repositories, it's likely they
> have access to multiple orders of magnitude more bandwidth than
> the keyserver network.

Yes.

> Why not host the signing key on the apt repo server?

They could of course re-use their existing mirror network for this.

>> Could keyservers cope with the load?
> 
> Good question.  Probably, but some keyserver operators might view
> it as rude.  Best to ask on sks-devel at nongnu.org.

Will do.

[1] http://lists.debian.org/debian-security/2013/10/msg00065.html
[2] http://lists.debian.org/debian-security/2013/12/msg00031.html

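The script sketched in this thread (refresh the apt signing key from a keyserver, then decide whether "apt-get update" may run) can be drafted as below. This is an added example written for this page, not code from the poster or from Debian; the keyring path, keyserver address and key ID are placeholders, and the sample colon records are constructed to mirror the shape of `gpg --with-colons` output. The point it adds to the discussion is the decision step: a refreshed key that came back revoked or expired must block the update, otherwise refreshing buys nothing.

```shell
#!/bin/sh
# Added example (not from the original post): refresh an apt signing key
# from a keyserver and refuse to run "apt-get update" if the refreshed key
# is revoked or expired. Keyring path, keyserver and key ID below are
# placeholders, not values taken from the thread.
set -eu

KEYRING="${KEYRING:-/etc/apt/trusted.gpg}"        # assumed apt keyring location
KEYSERVER="${KEYSERVER:-hkp://keys.example.org}"  # placeholder keyserver
KEYID="${KEYID:-0000000000000000}"                # placeholder 16-hex-digit key ID

# key_status: read "gpg --with-colons --list-keys" output on stdin and print
# the validity of the first "pub" record. Field 2 of a pub record is the
# validity flag: "r" = revoked, "e" = expired, anything else is treated as ok.
# No pub record at all prints "missing".
key_status() {
  awk -F: '
    $1 == "pub" && !done {
      done = 1
      if ($2 == "r") print "revoked"
      else if ($2 == "e") print "expired"
      else print "ok"
    }
    END { if (!done) print "missing" }'
}

# refresh_key: pull the latest copy of the key into the apt keyring, which
# is how a revocation certificate published on the keyserver reaches the
# client through a channel other than apt itself.
refresh_key() {
  gpg --no-default-keyring --keyring "$KEYRING" \
      --keyserver "$KEYSERVER" --refresh-keys "$KEYID"
}

# check_and_update: run apt-get update only when the signing key is usable.
check_and_update() {
  status=$(gpg --no-default-keyring --keyring "$KEYRING" \
               --with-colons --list-keys "$KEYID" 2>/dev/null | key_status)
  case "$status" in
    ok) apt-get update ;;
    *)  echo "apt signing key $KEYID is $status; refusing to update" >&2
        return 1 ;;
  esac
}

# Constructed sample records (same layout as gpg --with-colons output) used
# to exercise key_status offline.
SAMPLE_REVOKED='tru::1:1387000000:0:3:1:5
pub:r:4096:1:0000000000000000:1380000000::-:::sc::::::
uid:r::::1380000000::HASH::Example Archive Key <ftpmaster@example.org>::::::::::0:'
SAMPLE_OK='pub:-:4096:1:0000000000000000:1380000000::-:::sc::::::
uid:-::::1380000000::HASH::Example Archive Key <ftpmaster@example.org>::::::::::0:'

# Only touch the network and apt when explicitly asked, e.g.
#   REFRESH_APT_KEY=1 KEYID=<real key id> sh refresh-apt-key.sh
# Otherwise the script just defines the functions so it can be sourced.
if [ "${REFRESH_APT_KEY:-0}" = "1" ]; then
  refresh_key
  check_and_update
fi
```

The refresh step talks to the keyserver directly with gpg rather than through apt-key, because the apt keyring is an ordinary GnuPG keyring and the goal is to pick up a revocation certificate before apt trusts the key again; if the operators prefer, `KEYSERVER` can point at a key file served from the mirror network instead, as suggested in the thread.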



More information about the Gnupg-users mailing list