Re: [Sks-devel] keyservers.org downtime

[Robert J. Hansen]

On 7/1/2012 2:49 AM, Gabor Kiss wrote:
> Why don't put a CNAME record of keyservers.org pointing to a working
> server? Most of your users won't notice the difference. :)

Because that's fundamentally dishonest.

Some people use keyservers.org indirectly through
pool.sks-keyservers.net.  These people genuinely don't care where their
certificates get served up from: they just care their certificates get
served.

Some people use keyservers.org directly by specifying it at the command
line.  Not necessarily because they trust me, mind you -- it's just as
likely that they use keyservers.org directly because they want to know
who it is that's running their keyserver, and they don't want to accept
a certificate served up by someone completely anonymous.  Many of these
people have their tinfoil hats wound too tight, but it's possible that
some of these people may have good and legitimate reasons for wanting
*one particular* keyserver rather than some random keyserver.

I would rather keyservers.org had a week of downtime than I would
silently redirect its traffic somewhere else.  I won't do it.  If
someone requests a certificate from keyservers.org, I should either
service that request myself or it shouldn't get done at all.