Re: [Sks-devel] Ports used by sks
David Shaw wrote:
> On Feb 2, 2009, at 7:30 PM, Christoph Anton Mitterer wrote:
>
>>> Also, isn't the port changeable on a per-peer basis in SKS? If so,
>>> there is no point in registering the port at all, as setting up a new
>>> peer is a manual operation.
>>
>> Well but this is also the case with the 11371 port, and basically with
>> most other protocols, too, isn't it?
>
> No, the 11371 port is needed because it is part of the HKP protocol,
> just like 80 is part of the HTTP protocol. 11370, on the other hand, is
> just some port that SKS uses. It's not in use by clients. That port is
> manually configured.

Isn't port 80 simply the default port used by http, certainly it's not uncommon to use other ports (8080 springing to mind).

The http spec (rfc2616) says:
"The default port is TCP 80 [19], but other ports can be used."
[19] is a pointer to rfc1700 - assigned numbers.

--
Andy Ruddock - andy.rudd...@rainydayz.org (GPG Key ID 0xA622D452)

___
Sks-devel mailing list
Sks-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Ports used by sks
On Feb 2, 2009, at 7:30 PM, Christoph Anton Mitterer wrote:

>> Also, isn't the port changeable on a per-peer basis in SKS? If so,
>> there is no point in registering the port at all, as setting up a new
>> peer is a manual operation.
>
> Well but this is also the case with the 11371 port, and basically with
> most other protocols, too, isn't it?

No, the 11371 port is needed because it is part of the HKP protocol, just like 80 is part of the HTTP protocol. 11370, on the other hand, is just some port that SKS uses. It's not in use by clients. That port is manually configured.

David
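As an added illustration of the distinction drawn in the message above (not part of the thread and not SKS project code): a Python example that turns a membership file into nftables rules, leaving 11371 open to clients and limiting the recon port to listed peers. The membership line format (`host port`, `#` comments), the `inet filter` table, and the sample hosts and addresses are assumptions.

```python
# Added example (not from the thread): derive firewall rules from an SKS
# membership file. File format and nftables table name are assumptions.
from ipaddress import ip_address

HKP_PORT = 11371      # client-facing HKP port, per the thread
RECON_PORT = 11370    # this server's own recon (peering) port, SKS default

# Constructed sample input; hosts and addresses are documentation values.
SAMPLE_MEMBERSHIP = """\
# peers we gossip with
keys.example.org   11370   # default recon port
sks.example.net    21370   # peer that moved its recon port
"""
SAMPLE_ADDRS = {"keys.example.org": "192.0.2.10", "sks.example.net": "2001:db8::5"}


def parse_membership(text):
    """Return [(host, port)] from membership lines, ignoring comments."""
    peers = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 2 or not fields[1].isdigit():
            raise ValueError(f"line {lineno}: expected 'host port', got {raw!r}")
        port = int(fields[1])
        if not 0 < port < 65536:
            raise ValueError(f"line {lineno}: port out of range: {port}")
        peers.append((fields[0], port))
    return peers


def build_rules(peers, resolve, table="inet filter"):
    """Emit nft commands: HKP open to clients, recon limited to listed peers."""
    rules = [f"nft add rule {table} input tcp dport {HKP_PORT} accept"]
    for host, peer_port in peers:
        addr = ip_address(resolve(host))
        fam = "ip6" if addr.version == 6 else "ip"
        # Inbound: only known peers may reach our recon port.
        rules.append(f"nft add rule {table} input {fam} saddr {addr} "
                     f"tcp dport {RECON_PORT} accept")
        # Outbound: we connect to whatever port that peer configured.
        rules.append(f"nft add rule {table} output {fam} daddr {addr} "
                     f"tcp dport {peer_port} accept")
    # Everyone else is dropped on the recon port. No UDP rules are emitted:
    # David Shaw's reply in this thread says UDP is not used.
    rules.append(f"nft add rule {table} input tcp dport {RECON_PORT} drop")
    return rules


if __name__ == "__main__":
    for rule in build_rules(parse_membership(SAMPLE_MEMBERSHIP), SAMPLE_ADDRS.__getitem__):
        print(rule)
```

The `resolve` argument is a plain lookup here so the example runs offline; in practice the addresses would come from DNS and the rules would need regenerating when a peer's address changes.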
Re: [Sks-devel] Ports used by sks
On Mon, 2009-02-02 at 19:21 -0500, David Shaw wrote:
> No. You should have a document specifying what the port actually is
> and the protocol that is used on the port before you claim it. There
> is a spec for 11371. You need a spec for 11370.

I was aware of that process :-)

> Also, isn't the port changeable on a per-peer basis in SKS? If so,
> there is no point in registering the port at all, as setting up a new
> peer is a manual operation.

Well but this is also the case with the 11371 port, and basically with most other protocols, too, isn't it?

> A SKS instance doesn't need to know a
> well-known port to become a peer.

Well it was just an idea, when I saw that probably most keyservers stuck with the default (11370) and this was still unassigned.
I didn't intend to step on someone's feet :)

btw: I was not about to register a port number in the well-known range ;)

Best wishes,
--
Christoph Anton Mitterer
Ludwig-Maximilians-Universität München

christoph.anton.mitte...@physik.uni-muenchen.de
m...@christoph.anton.mitterer.name
Re: [Sks-devel] Ports used by sks
On Feb 2, 2009, at 5:44 PM, Christoph Anton Mitterer wrote:

> On Mon, 2009-02-02 at 15:30 -0500, David Shaw wrote:
>> The policy didn't exist yet when some of the early protocols got their
>> port numbers. Certainly for the past 10 years or so, if you got one,
>> you got the other. At least, that's what I was told when I registered
>> HKP (port 11371).
>
> Yes,... and for other protocols,.. you'd have to apply specifically...
> (e.g. sctp).
>
> Anyway,.. should I apply for it now? I mean 11370?

No. You should have a document specifying what the port actually is and the protocol that is used on the port before you claim it. There is a spec for 11371. You need a spec for 11370.

Also, isn't the port changeable on a per-peer basis in SKS? If so, there is no point in registering the port at all, as setting up a new peer is a manual operation. A SKS instance doesn't need to know a well-known port to become a peer.

David
[Sks-devel] How to compact sks DB?
Hi.

How can I compact the BDB used by sks?

When I've downloaded the initial dump this used about 3,6 GB
But after running /usr/lib/sks/sks_build.sh (in normal mode) I have about this:

/var/lib/sks/DB# l
total 7,1G
drwx-- 2 root       root       4,1k 2009-02-02 23:24 .
drwx-- 5 debian-sks debian-sks 4,1k 2009-02-02 23:25 ..
-rw--- 1 root       root        25k 2009-02-02 23:25 __db.001
-rw--- 1 root       root       1,4M 2009-02-02 23:48 __db.002
-rw--- 1 root       root        27M 2009-02-02 23:48 __db.003
-rw--- 1 root       root        99k 2009-02-02 23:25 __db.004
-rw--- 1 root       root        58k 2009-02-02 23:25 __db.005
-rw--- 1 root       root       6,2G 2009-02-02 23:23 key
-rw--- 1 root       root       128M 2009-02-02 23:24 keyid
-rw--- 1 root       root        11M 2009-02-02 23:25 log.01
-rw--- 1 root       root       8,2k 2009-02-02 23:25 meta
-rw--- 1 root       root       120M 2009-02-02 23:24 subkeyid
-rw--- 1 root       root        98M 2009-02-02 23:24 time
-rw--- 1 root       root       8,2k 2009-02-02 21:38 tqueue
-rw--- 1 root       root       507M 2009-02-02 23:24 word

Thanks,
--
Christoph Anton Mitterer
Ludwig-Maximilians-Universität München

christoph.anton.mitte...@physik.uni-muenchen.de
m...@christoph.anton.mitterer.name
Re: [Sks-devel] Ports used by sks
On Mon, 2009-02-02 at 15:30 -0500, David Shaw wrote:
> The policy didn't exist yet when some of the early protocols got their
> port numbers. Certainly for the past 10 years or so, if you got one,
> you got the other. At least, that's what I was told when I registered
> HKP (port 11371).

Yes,... and for other protocols,.. you'd have to apply specifically... (e.g. sctp).

Anyway,.. should I apply for it now? I mean 11370?

hkp-server 11370/tcp OpenPGP HTTP Keyserver reconciliation
hkp-server 11370/udp OpenPGP HTTP Keyserver reconciliation
or
hkp-recon 11370/tcp OpenPGP HTTP Keyserver reconciliation
hkp-recon 11370/udp OpenPGP HTTP Keyserver reconciliation
or
hkp-sync 11370/tcp OpenPGP HTTP Keyserver synchronisation
hkp-sync 11370/udp OpenPGP HTTP Keyserver synchronisation
or anything else?

Best wishes,
--
Christoph Anton Mitterer
Ludwig-Maximilians-Universität München

christoph.anton.mitte...@physik.uni-muenchen.de
m...@christoph.anton.mitterer.name
Re: [Sks-devel] Ports used by sks
On Mon, Feb 02, 2009 at 01:25:55PM -0700, Joseph Oreste Bruni wrote:
>
> On Feb 2, 2009, at 1:19 PM, David Shaw wrote:
>
>> On Mon, Feb 02, 2009 at 11:15:04AM -0700, Joseph Oreste Bruni wrote:
>>> Is UDP really used?
>>
>> No. The way the IETF assigns numbers, if you get the TCP number, you
>> get the UDP number with it.
>>
>> David
>
> Except for 514.
>
> :)
>
> I'm guessing this is the exception that proves the rule?

The policy didn't exist yet when some of the early protocols got their port numbers. Certainly for the past 10 years or so, if you got one, you got the other. At least, that's what I was told when I registered HKP (port 11371).

David
Re: [Sks-devel] Ports used by sks
On Feb 2, 2009, at 1:19 PM, David Shaw wrote:

> On Mon, Feb 02, 2009 at 11:15:04AM -0700, Joseph Oreste Bruni wrote:
>> Is UDP really used?
>
> No. The way the IETF assigns numbers, if you get the TCP number, you
> get the UDP number with it.
>
> David

Except for 514.

:)

I'm guessing this is the exception that proves the rule?
Re: [Sks-devel] Ports used by sks
On Mon, Feb 02, 2009 at 11:15:04AM -0700, Joseph Oreste Bruni wrote:
> Is UDP really used?

No. The way the IETF assigns numbers, if you get the TCP number, you get the UDP number with it.

David
Re: [Sks-devel] Ports used by sks
11371 - De facto Key Server Port (hkp)
11370 - SKS Peering port (required to talk to other SKS servers)

You'll also find a lot of key servers running on 80 (HTTP) for web browsers, I even offer it on 443 (HTTPS)

According to /etc/services HTTP uses both TCP & UDP, given that HKP uses HTTP I would have to presume that UDP is required (might not be for peering however)

-R

Joseph Oreste Bruni wrote:
> Is UDP really used?
>
> On Feb 2, 2009, at 11:09 AM, Christoph Anton Mitterer wrote:
>
>> Hi.
>>
>> I've seen that sks (other keyservers, too??) uses
>> hkp 11371/tcp OpenPGP HTTP Keyserver
>> hkp 11371/udp OpenPGP HTTP Keyserver
>>
>> but also port 11370... should we apply for that port?
>> If so I could do the work if you like :-)
>>
>> Best wishes,
>> --
>> Christoph Anton Mitterer
>> Ludwig-Maximilians-Universität München
>>
>> christoph.anton.mitte...@physik.uni-muenchen.de
>> m...@christoph.anton.mitterer.name
Re: [Sks-devel] SKS upgrade procedure
John Webster wrote:
> Hello,
>
> Is there a SKS upgrade procedure posted anywhere?

John,

I don't recall ever seeing one. For SKS, as long as the DB version stays constant, I believe building the new version and replacing the binaries should be enough.

To upgrade an existing KDB and PTree database, one needs to follow the db_archive/db_checkpoint procedures that are part of the online release notes on Oracle's site. (Usually it's nothing more than a log format change)

#include

Good luck

--
John P. Clizbe Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO.
hkp://keyserver.gingerbear.net or mailto:pgp-public-k...@gingerbear.net?subject=help

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"
Re: [Sks-devel] Restart server after adding/removing peers?
Stephan Beyer wrote:
>> Is a server restart required after adding/removing peers from the
>> membership file
>
> No.
>
>> or will changes be detected automatically?
>
> Yes.
>

Thank you.

--
Andy Ruddock - andy.rudd...@rainydayz.org (GPG Key ID 0xA622D452)
[Sks-devel] SKS upgrade procedure
Hello,

Is there a SKS upgrade procedure posted anywhere?

Thanks.

jw
Re: [Sks-devel] Ports used by sks
Is UDP really used?

On Feb 2, 2009, at 11:09 AM, Christoph Anton Mitterer wrote:

> Hi.
>
> I've seen that sks (other keyservers, too??) uses
> hkp 11371/tcp OpenPGP HTTP Keyserver
> hkp 11371/udp OpenPGP HTTP Keyserver
>
> but also port 11370... should we apply for that port?
> If so I could do the work if you like :-)
>
> Best wishes,
> --
> Christoph Anton Mitterer
> Ludwig-Maximilians-Universität München
>
> christoph.anton.mitte...@physik.uni-muenchen.de
> m...@christoph.anton.mitterer.name
[Sks-devel] Ports used by sks
Hi.

I've seen that sks (other keyservers, too??) uses
hkp 11371/tcp OpenPGP HTTP Keyserver
hkp 11371/udp OpenPGP HTTP Keyserver

but also port 11370... should we apply for that port?
If so I could do the work if you like :-)

Best wishes,
--
Christoph Anton Mitterer
Ludwig-Maximilians-Universität München

christoph.anton.mitte...@physik.uni-muenchen.de
m...@christoph.anton.mitterer.name
Re: [Sks-devel] Restart server after adding/removing peers?
> Is a server restart required after adding/removing peers from the
> membership file

No.

> or will changes be detected automatically?

Yes.

--
Stephan Beyer , PGP 0x6EDDD207FCC5040F
[Sks-devel] Restart server after adding/removing peers?
Is a server restart required after adding/removing peers from the membership file or will changes be detected automatically?

--
Andy Ruddock - andy.rudd...@rainydayz.org (GPG Key ID 0xA622D452)
Re: [Sks-devel] looking for initial key dump and gossip partners
Hi Christoph,

> I'm about to set up a sks server using Debian's packages on
> keyserver.pki.scientia.net.
>
> I've looked through the list for some URIs with where I can get an
> initial key dump. But all I've found were orphaned and not working.

Have you seen this?
http://keysigning.org/sks/

> I'd also like to (as many as possible?!) gossip partners.

Just drop a notice here if your server is already up.

Gabor
Re: [Sks-devel] looking for initial key dump and gossip partners
Christoph Anton Mitterer wrote:
> I've looked through the list for some URIs with where I can get an
> initial key dump. But all I've found were orphaned and not working.

You can try these ones, which hold up-to-date keydumps:

ftp://ftp.pramberger.at/services/keyserver/keydump/
ftp://ftp.prato.linux.it/pub/keyring/

They are linked from http://www.keysigning.org/sks/ - a site with a good introduction text on how to get started.

Ciao,
Johan
[Sks-devel] looking for initial key dump and gossip partners
Hi list.

I'm about to set up a sks server using Debian's packages on keyserver.pki.scientia.net.

I've looked through the list for some URIs with where I can get an initial key dump. But all I've found were orphaned and not working.

I'd also like to (as many as possible?!) gossip partners.

I think I'll be able to provide this service for some longer time (at least as long traffic doesn't exceed some 200GB or so)... What I've read in the list is that the average per day is about 100MB?

I'd also like to be added to the pools, once my server is working, but so far I can only support IPv4.

Thanks
--
Christoph Anton Mitterer
Ludwig-Maximilians-Universität München

christoph.anton.mitte...@physik.uni-muenchen.de
m...@christoph.anton.mitterer.name
[Sks-devel] New sks pgp keyserver at pgp.gabrix.ath.cx
Hi all!

The pgp.gabrix.ath.cx:11370 is up and running. You can reach it also via http at http://pgp.gabrix.ath.cx:11371/ .
Add my pgp.gabrix.ath.cx:11370 to your membership file and contact me at ad...@gabrix.ath.cx 0x80231A90.

Gab

--
Key ID: BC4F9423
Fingerprint: 36C6 E257 2801 46E7 69A7 8721 F502 1342 BC4F 9423