SKS key servers problem

Today the SKS Keyserver Network Under Attack gist made it to the Hacker News front page. And the plot twist - it is implemented in OCaml. Ridiculously, the author of that gist blames the language:

The software is Byzantine. The standard keyserver software is called SKS, for “Synchronizing Key Server”. A bright fellow named Yaron Minsky devised a brilliant algorithm that could do reconciliations very quickly. It became the keystone of his Ph.D thesis, and he wrote SKS originally as a proof of concept of his idea. It’s written in an unusual programming language called OCaml, and in a fairly idiosyncratic dialect of it at that. This is of course no problem for a proof of concept meant to support a Ph.D thesis, but for software that’s deployed in the field it makes maintenance quite difficult. Not only do we need to be bright enough to understand an algorithm that’s literally someone’s Ph.D thesis, but we need expertise in obscure programming languages and strange programming customs.

The sources are located at sks-keyserver BitBucket.

Currently they have switched to Hagrid, a Sequoia PGP-based service, both implemented in Rust.

2 Likes

I haven’t looked at the code, but if this comment from HN is telling the truth, it’s an even more ridiculous claim.

5 Likes

To my taste they should switch to a Rust GPG client instead. And push it forward as an alternative to GnuPG.

From what I read, it looks like this SKS thing should be running on a blockchain.
I guess some are pretty resilient to attacks.