SKS Keyserver Network Under Attack

[Wiktor Kwapisiewicz]

Hi Alyssa,

On 02.07.2019 00:43, Alyssa Ross wrote:
> The impression I got was that they're very optimistic about their
> ability to handle traffic to their server -- they were happy to have a
> distro make the switch, and will be changing the defaults in Enigmail
> and OpenKeychain very soon, as I understand it.

I did work on one scheme that uses OpenPGP and I did some extensive 
tests even before keys.openpgp.org was announced and in terms of 
reliability it's day vs night compared to SKS.

Hagrid, as far as understand it, serves keys from static files so it by 
design has good performance. SKS on the other hand requires caches in 
front of the server and, in my tests, it was frequent that an old 
version persisted in the cache long after I updated a key.

No such issues on keys.openpgp.org, gpg --send-key and the new updated 
key is immediately available with no time outs or delays.

> It is a real shame that a decentralized Hagrid isn't really possible,
> though, at least to my understanding. It's quite the limitation for
> GnuPG.

Decentralized non-identity information hagrid could still be possible. 
It's just a question over which protocol to synchronize this kind of data.

Kind regards,
Wiktor

-- 
https://metacode.biz/@wiktor

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 919 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20190702/06317207/attachment-0001.sig>