Re: [Sks-devel] IPv4 vs. IPv6? -- Reconciliation attempt from unauthorized host, but host is authorized

2013-12-03 Thread Karl Schmitz
Hi Daniel and Phil, maybe you should suggest adding the IPv4 compatibility DNS record (i.e., *sks-peer :::94.142.241.93*) to the administrator of sks-peer.spodhuis.org. To see if that'll work out, try adding an equivalent record to your /etc/hosts temporarily. Just my two cents, Karl

Re: [Sks-devel] IPv4 vs. IPv6? -- Reconciliation attempt from unauthorized host, but host is authorized

2013-12-03 Thread Kim Minh Kaplan
Daniel Kahn Gillmor writes: But it seems like there are two approaches that could be taken to fix it, and only one of them ought to rely on IPV6_V6ONLY: a) sks could set IPV6_V6ONLY on all listening sockets, and require the administrators to explicitly list IPv4 addresses differently from

Re: [Sks-devel] IPv4 vs. IPv6? -- Reconciliation attempt from unauthorized host, but host is authorized

2013-12-03 Thread Daniel Kahn Gillmor
On 12/03/2013 06:11 AM, Karl Schmitz wrote: maybe you should suggest adding the IPv4 compatibility DNS record (i.e., *sks-peer :::94.142.241.93*) to the administrator of sks-peer.spodhuis.org. To see if that'll work out, try adding an equivalent record to your /etc/hosts

Re: [Sks-devel] IPv4 vs. IPv6? -- Reconciliation attempt from unauthorized host, but host is authorized

2013-12-03 Thread Daniel Kahn Gillmor
On 12/03/2013 11:41 AM, Kim Minh Kaplan wrote: But this *is* the approach that SKS uses, except that it does not have to set IPV6_V6ONLY. Like I wrote in a previous answer, SKS requires the administrator to list all addresses, IPv4 and IPv6. As an alternative you can use the hostname. But I do

Re: [Sks-devel] IPv4 vs. IPv6? -- Reconciliation attempt from unauthorized host, but host is authorized

2013-12-03 Thread Kristian Fiskerstrand
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 12/03/2013 06:08 PM, Daniel Kahn Gillmor wrote: On 12/03/2013 11:41 AM, Kim Minh Kaplan wrote: But this *is* the approach that SKS uses, except that it does not have to set IPV6_V6ONLY. Like I wrote in a previous answer, SKS requires the

Re: [Sks-devel] IPv4 vs. IPv6? -- Reconciliation attempt from unauthorized host, but host is authorized

2013-12-03 Thread Phil Pennock
On 2013-12-02 at 01:30 -0500, Daniel Kahn Gillmor wrote: On 11/27/2013 04:30 PM, Phil Pennock wrote: If you're free to do so on this box, you can change the global state with the `net.ipv6.bindv6only` sysctl; set it to 1 from 0. hm, this seems like it would have cascading effects over

Re: [Sks-devel] IPv4 vs. IPv6? -- Reconciliation attempt from unauthorized host, but host is authorized

2013-12-03 Thread Daniel Kahn Gillmor
On 12/03/2013 12:34 PM, Phil Pennock wrote: IMO, SKS should either set v6only on the accepting sockets explicitly, or remove the defaults and treat :: and 0.0.0.0 as a configuration error, since the status quo uses inconsistent logic to defend its stance. I like these suggestions. Thanks for

Re: [Sks-devel] IPv4 vs. IPv6? -- Reconciliation attempt from unauthorized host, but host is authorized

2013-12-03 Thread John Clizbe
Daniel Kahn Gillmor wrote: On 11/27/2013 04:30 PM, Phil Pennock wrote: On 2013-11-27 at 12:57 -0500, Daniel Kahn Gillmor wrote: i'm running sks 1.1.4 on Debian GNU/Linux, wheezy, amd64 (x86_64) platform. I see the following situation in the logs of the recon process (this is just an

Re: [Sks-devel] IPv4 vs. IPv6? -- Reconciliation attempt from unauthorized host, but host is authorized

2013-12-03 Thread Kim Minh Kaplan
John Clizbe : I'm perfectly fine with bumping the minimums to Ocaml 3.12.1 Reading http://caml.inria.fr/distrib/ocaml-3.11/notes/Changes apparently IPV6_ONLY is available since Objective Caml 3.11.0. -- Kim Minh ___ Sks-devel mailing list