Re: [Sks-devel] Peering status of limited peers
On 2013-08-12 at 20:00 -0400, Phil Pennock wrote: http://people.spodhuis.org/phil.pennock/tmp/sks-degree7.png It's 4035x2505 and very readable. 600kB. Nodes without a non-zero keycount are dropped. Edges which are not mutual are dropped (you only really peer if both sides agree you peer); thus there's a bias against recently added peerings, if one side does not have stats being regenerated after adding peers. Nodes with a green border have at least 7 peers. Nodes with a red border do not. I'm not debugging what happened to stinkfoot.org right now. The only edges shown are those where at least one of the nodes is coloured red. I realised later that night what the black border means: it means that the host has no valid peerings, so a colour is not set. So: * stinkfoot.org * keyserver.novomundo.com.br do not have any functioning peering relationships and are not getting PGP key updates. Indeed, you can see the complete absence of updates on: http://stinkfoot.org:11371/pks/lookup?op=stats http://keyserver.novomundo.com.br:11371/pks/lookup?op=stats Both servers list peers, but none of those are shared peering relationships. Thus stinkfoot.org is 25k keys behind and keyserver.novomundo.com.br is 250k+ keys behind. pgpwk3ec78TAC.pgp Description: PGP signature ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Peering status of limited peers
On Wed, 2013-08-14 at 04:08 -0400, Phil Pennock wrote: * stinkfoot.org I'm one of it's two peers... Not sure why reco doesn't work here... the server still uses my old DNS name (i.e. without the a.) in front of it, but for IPv4 this should work as long as I haven't added further addresses to the now round-robin keyserver.pki.scientia.net. Anyway,... the person I suppose to be the operator haven't answered my mail yet. Cheers, Chris. smime.p7s Description: S/MIME cryptographic signature ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Peering status of limited peers
On Wed, 2013-08-14 at 03:23 +0200, Petru Ghita wrote: Are there some error messages that should be monitored on the log files? Well apart from denied reconciliations (both as server client)... it's probably interesting do monitor 417/5xx HTTP errors... (not sure though whether SKS itself logs these at all). Cheers, Chris. smime.p7s Description: S/MIME cryptographic signature ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
[Sks-devel] Who runs reg.goeswhere.com ?
I have rejected reconciliation connections from the host reg.goeswhere.com; checking stats, I see that they have 27 configured peers, but only 7 of those are mutual. 20 outbound configured peers where the peer does not have you configured as a peer seems to suggest that someone has just added a bunch of peers without asking and then gotten some of them to peer back. Does anyone know who runs this keyserver, please? Can you give me contact details so that I can ask them to remove me from their configuration? Thanks, -Phil pgpXTqi2q5br6.pgp Description: PGP signature ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Peering status of limited peers
On 2013-08-14 at 15:16 -0400, Phil Pennock wrote: On 2013-08-14 at 20:55 +0200, Christoph Anton Mitterer wrote: On Wed, 2013-08-14 at 04:08 -0400, Phil Pennock wrote: * stinkfoot.org I'm one of it's two peers... Not sure why reco doesn't work here... the server still uses my old DNS name (i.e. without the a.) in front of it, but for IPv4 this should work as long as I haven't added further addresses to the now round-robin keyserver.pki.scientia.net. You are running with a reverse proxy in front of 11371. They are running SKS 1.0.10, a very old version, which uses HTTP/0.9 for POST requests, so can not send you keys. They should be able to fetch keys, and you should be able to fetch and send keys. Your recon logs should provide more information about what's happening. I was clearly not paying attention to what I was writing: sorry. I should have taken the time to remember what SKS does for reconciliation. Reconciliation has each party _fetch_ keys from the other, they're never pushed, but the HTTP method used to _fetch_ keys is a POST request. So they can never retrieve keys from you, because their POSTs to you are blocked by the reverse proxy. -Phil ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
[Sks-devel] key-server.nl ptree rebuild
Hi, As of late I hit a lot of PTree corruption issues, I'm currently rebuilding the PTree and also upgraded sks-1.1.3 to version 1.1.4. The key server should be back online once the rebuild finishes. Regards, ~maze pgpozKWeGAQOB.pgp Description: PGP signature ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
[Sks-devel] reg.goeswhere.com disabled properly this time
This machine isn't even supposed to be up anymore, and certainly isn't supposed to have sks configured. No idea what happened, sorry. All disabled properly now. ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel