Vincent Breitmoser writes:
>> - to do this keyservers will have to actually do cryptography
>
> Are you sure? I don't think there's any attack scenario here: If any
> such signature exists, you can't upload the key.
You can strip that signature. If you only consider
Danny Horne writes:
> # dig +norecurse +noall +stats @66.33.206.206 pgp.key-server.io
> ;; Query time: 136 msec
> ;; SERVER: 66.33.206.206#53(66.33.206.206)
> ;; WHEN: Fri Nov 18 17:51:19 UTC 2016
> ;; MSG SIZE rcvd: 62
>
> # dig +norecurse +noall +stats +tcp +time=20
Hi!
Kristian Fiskerstrand
writes:
> On 10/28/2016 02:22 PM, dirk astrath wrote:
>> Hello,
>>
Seems IPv6 connectivity is borked on https://sks-keyservers.net/status/
, no live keyservers are listed as having IPv6 available
>>> Yes, I'm
Hi!
Gabor Kiss writes:
> Or don't you want to peer with servers having too few keys?
Having too few keys leads to practical problems .. it directly leads to
excessive resource usage during recon. Having a large delta and not
catching up is a very good reason to de-peer.
Hi!
Danny Horne writes:
> I don't understand why you're seeing this error, can see it in my logs
> but test emails to my address (from GMail) are getting through
IPv4 vs IPv6
| $ swaks -6 --to da...@lockmail.net --from christoph.eg...@fau.de -q TO
| === Trying
Gunnar Wolf writes:
> Andrew Gallagher dijo [Wed, Aug 31, 2016 at 10:14:01AM +0100]:
>> I'm sceptical of the utility of ECC keys personally. They were first
>> proposed as a way of reducing work and storage space (because the
>> space of usable ECC keys is more compact than the
Steven Noonan <ste...@uplinklabs.net> writes:
> On 31/08/16 07:07, Christoph Egger wrote:
>> Steven Noonan <ste...@uplinklabs.net> writes:
>>> Attempted doing a dump and rebuild of my database from that, but it didn't
>>> help
>>> with this pro
SJ Zhu writes:
> 2016-08-27 13:54:52 Reconciliation attempt from unauthorized host [172.17.0.1]:39492>. Ignoring
Note that this is a private address from RFC 1918 space. So either
something is Nat'ing your incoming connections or this connection
attempt comes from within
Pascal Levasseur writes:
> Any explanation available for this unusual behavior ?
Quoting #debian-devel
> evil32 keys got revoked https://news.ycombinator.com/item?id=12298230
Christoph
--
9FED 5C6C E206 B70A 5857 70CA 9655 22B9 D49A E731
Debian Developer | Lisp
Gabor Kiss writes:
>> > Out of curiosity, is there any Debian-type repository one can use to
>> > install updates automatically?
>> >
>> https://packages.debian.org/jessie/sks ???
>
> Jessie is the _stable_ version. Its sks package won't be upgraded
> unless a major
Hi!
Gunnar Wolf writes:
> There are several tools relying on this (now very) weak 32-bit scheme;
> the first such tool we found was precisely the «PGP pathfinder & key
> statistics» service, which fails badly: Even specifying the full
> fingerprints, I do get three (absolutely
William Hay writes:
> On Thu, May 26, 2016 at 12:47:57AM +0200, Valentin Sundermann wrote:
>> Hi,
>>
>> I enforce HTTPS on all my domains by sending the HSTS header to my
>> visitors. HSTS forces the browser to use in future only secure
>> connections to this domain. More info
Tobias Frei writes:
> About lacking keys, well, if the pool selection mechanism causes
> working keyservers to be removed, that's a separate problem that needs
> to be solved after this one, I think. It should not be an argument for
> or against this suggestion, but
Christoph Egger <christ...@christoph-egger.org> writes:
> AFAIR keys.gnupg.net has been discussed here and keyserver oeprators are
> expected to make this work -- at least for hkps.
sorry that was meant to read hkp / port 11371
--
9FED 5C6C E206 B70A 5857 70CA 9655 22B9 D49A
Christoph Egger <christ...@christoph-egger.org> writes:
> of course -- if people use keys.gnupg.net with https, this advice should
> probably be fixed and/or the cname be moved to the "right" pool
Note that https://pool-sks-keyservers.net/ is also expected to not
work --
Hi!
"Kiss Gabor (Bitman)" writes:
> I found requests for https://keys.gnupg.net/ in my Apache logs
> on keys.niif.hu. Of course they were unsuccessful because
> my HTTP daemon is not set up to provide this virtual site.
>
> In the DNS we can see this:
> keys.gnupg.net
Hi!
Malte writes:
> On Friday, March 25, 2016 1:33:16 PM CEST Andrew Gallagher wrote:
>> Before we even *think* about a protocol, there are policy hurdles to be
>> overcome, e.g.:
>>
>> 1. What criteria should be met before a key is removed?
>
> Owner of private key or owner of
Hi!
Douglas writes:
> It doesn't benefit anyone to retain keys uploaded with malicious
> intent, so I believe it's worth discussing a mechanism for key removal
> due to abuse of the system.
Sure. I suggest you start by reading the Minsky paper on how the
keyservers
Hi!
Kristian Fiskerstrand
writes:
> as mentioned in [0] an experimental tor hidden service based on
> onionbalance is running on hkp://jirk5u4osbsr34t5.onion . A Tor column
> is added to the status pages, and participation requires manual
>
Hi!
Stephan Beyer writes:
> Does anyone of you have experience with MirageOS and knows what
> it takes to make a MirageOS unikernel from an "ordinary" OCaml program
> like sks?
You just have to rewrite any I/O code to the MirageOS library. So mostly
network and backend storage
Kiss Gabor (Bitman) ki...@ssg.ki.iif.hu writes:
Eeerrr... what is the risk of using a public service in
TOR user's point of view? (Compared to using a hidden service.)
His identity is hidden anyway.
End-To-End encryption and no CAs.
signature.asc
Description: PGP signature
Hi!
Running it on a Raspberry Pi shouldn't be a problem as SKS is
pretty low on resources (except for the building process).
Well sks needs rather decent storage (or maybe lots of RAM as caches?)
to performe remotely useable in my experience. In terms of normal RAM
and CPU usage it's
Hi!
The IP addresses configured for my keyserver[0] are about to
change. It will then also feature a static IPv4 address again.
Addresses are:
92.43.111.21
2a01:4a0:59:3151::f002
Regards
Christoph
[0] keyserver.siccegge.de / keyserver.christoph-egger.org
Just different names for
Hi!
Matt Wagner m...@ttwagner.com writes:
IPv6[1].
Looks good from here FWIW
Christoph
--
9FED 5C6C E206 B70A 5857 70CA 9655 22B9 D49A E731
Debian Developer | Lisp Hacker | CaCert Assurer
___
Sks-devel mailing list
Sks-devel@nongnu.org
Hi!
Seems uploading my gpg key (d49ae731) to pool.sks-keyservers.net fails
for several of the hosts in rotation:
gpg: sending key D49AE731 to hkp server 213.206.252.51
gpgkeys: HTTP post error 22: The requested URL returned error: 413 Request
Entity Too Large
gpg: keyserver internal error
gpg:
Arnold sk...@mallos.nl writes:
People with a very large key can put their full key at a special place of
their own
(they are likely to be above average active internet users). They can still
upload
their key with exp. time and all textual UIDs. However, they should remove
most of
the
Kiss Gabor (Bitman) ki...@ssg.ki.iif.hu writes:
- mitm attacks may manipulate up-/downloaded keys
no
Every uploaded key can be manipulated legally by anyone.
(I.e. you attach a new signature to your friend's key
and you send back to the key servers.)
Moreover anybody can send a totally
Pete Stephenson p...@heypete.com writes:
On 8/3/2014 3:03 PM, Tyler Schwend wrote:
Building the sks database from a dump takes a very long time, a lot
of disk space, and a lot of CPU. Is there a way to just move the
whole BDB from one host to another? I am switching hosts.
I'm not sure if
Ahoi!
Henning Kopp henning.k...@uni-ulm.de writes:
Is it possible to get a keydump of all gpg-keys? Are there any usage
restrictions? What would the size of the data be?
Take a look at
https://bitbucket.org/skskeyserver/sks-keyserver/wiki/KeydumpSources
I doubt any of the operators will mind
Filip Stefaniak stefan...@gmail.com writes:
W dniu 2013-11-12 14:12, Todd Lyons pisze:
On Tue, Nov 12, 2013 at 09:42:13AM +0100, Filip Stefaniak wrote:
I've tried to configure sks server with apache2 as described at
https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Peering
But I had a
Hi all!
Unfortunately keyserver.siccegge.de lost it's static IPv4
configuration. DNS has been set up to follow the actually used IP
addresses (hopefully visible soon on a Nameserver near you). I will soon
add a (static) IPv6 address again (allocated from
2001:a60:f01c::/48). If you are peering
Moin!
John Clizbe jpcli...@gingerbear.net writes:
Patrick R McDonald wrote:
I would like to upgrade my sks on Debian Squeeze from 1.1.1 to 1.1.3
using Debian backports. Is there anything of which I need to be aware
when making this upgrade?
if your 1.1.3 is linked with the same version of
Michael Nausch mich...@nausch.org writes:
- RProx??? whats that? reverseproxy?
Jep
- Port 80 it's colord false with red, 'cause you can reach my server
http://keyserver.nausch.org as you can reach it as
http://keyserver.nausch.org:11371
Hi all!
Due to changes at the location the keyserver is hostet, I'll have to
use dynamic IP addresses for now (IPv4 only, the v6 address stays
static). I might be able to give it static addresses again in the future
but for now I'll have to dael with changing addresses.
Regards
Christoph
John Clizbe jpcli...@gingerbear.net writes:
Christoph Egger wrote:
Something weird happening when fetching 0xE33EC63DF983 -- it gets
0x9CDF568F which doesn't even have a subkey called 0xE33EC63DF983 as
far as I can see. Anyone knows what's going on?
Regards
Christoph
Hi!
as your script is already tracking the status of keyservers on the
web, maybe it would be possible to send the administrator a mail every
time the keyserver drops out of the pool due to problems? Seems
keyservers have the tendency to actually fail after running for some
time and need
Hi!
Christoph Egger christ...@christoph-egger.org writes:
as your script is already tracking the status of keyservers on the
web, maybe it would be possible to send the administrator a mail every
time the keyserver drops out of the pool due to problems? Seems
keyservers have the tendency
Hi!
The IPv6 Address for keyserver.siccegge.de has changed (it's now
2001:a60:f01c:0:42::1). IPv4 addresses are still the same.
Regards
Christoph
pgpxTWd2Djxam.pgp
Description: PGP signature
___
Sks-devel mailing list
Sks-devel@nongnu.org
Hi all!
Christoph Egger christ...@christoph-egger.org writes:
Due to random hangs I've stopped sks on keyserver.siccegge.de for now
which seems to improve things a bit (I'd bet on network stack). Will be
back after debugging stuff a bit / replacing hardware.
It's currently back online
Hi!
Due to random hangs I've stopped sks on keyserver.siccegge.de for now
which seems to improve things a bit (I'd bet on network stack). Will be
back after debugging stuff a bit / replacing hardware.
Regards
Christop
--
9FED 5C6C E206 B70A 5857 70CA 9655 22B9 D49A E731
Debian
Hi!
I noticed keyserver.siccegge.de is not in the port80 pool. However I
can get the status page over port80 and
gpg --keyserver hkp://keyserver.siccegge.de:80/ --recv-keys $KEYID
both works on IPv4 only hosts and IPv6 enabled systems.
Regards
Christoph
--
9FED 5C6C E206 B70A 5857
Hi!
Daniel Kahn Gillmor d...@fifthhorseman.net writes:
On 06/25/2012 01:50 AM, Christoph Egger wrote:
Daniel Kahn Gillmor d...@fifthhorseman.net writes:
On 06/25/2012 12:44 AM, Kristian Fiskerstrand wrote:
Please let me know if we should push the timeline some for the 1.1.2
minimum to get
Hi!
Daniel Kahn Gillmor d...@fifthhorseman.net writes:
On 06/25/2012 12:44 AM, Kristian Fiskerstrand wrote:
Please let me know if we should push the timeline some for the 1.1.2 minimum
to get more time for testing, as originally stated my primary goal is
getting to 1.1.3, so this shouldn't
Hi!
John Clizbe jpcli...@gingerbear.net writes:
I've never exceeded an inuse mutex count of ~42k, you shouldn't need that high
of a number either. Tunables in DB_Config won't help you on build, the BDB env
isn't created until 'sks clean'. Likewise the environment isn't created in
PTree until
Hi!
I was talking with some folks at a GPG crashcourse / Keysigning event
last week where I was asked for a pool cointaining only keyservers
reachable through standard HTTP(s) ports (usefull for example behind
restrictive firewalls). As far as I know no such pool exists but maybe
one could be
Hi!
Recently I started to see failures in my recon.log:
2012-04-04 23:35:59 Error getting missing keys: Failure(!DOCTYPE HTML PUBLIC
\-//IETF//DTD HTML 2.0//EN\)
2012-04-05 00:57:10 Error getting missing keys: Failure(html\r)
Interestingly all peers I'm seeing this kind of failure are
Andrey Korobkov korob...@fryxell.ru writes:
One more problem with IPv6 peering:
2011-04-07 00:23:44 address for keyserver.siccegge.de:11370 changed
from [] to [ADDR_INET [2001:a60:f01c:0:70:1:6:42]:11370, ADDR_INET
[212
.114.250.148]:11370, ADDR_INET [212.114.250.149]:11370]
2011-04-07
Andrey Korobkov korob...@fryxell.ru writes:
That's good :)
So, that was because SKS was listening on IPv4.
But what about:
2011-04-07 00:57:02 Recon partner: ADDR_INET
[2001:a60:f01c:0:70:1:6:42]:11370
2011-04-07 00:57:03 Initiating reconciliation
2011-04-07 00:57:05 recon as client error
Андрей Коробков korob...@fryxell.ru writes:
I'm using btrfs on server and reiserfs on desktop. May be, BDB do some
very-low level things?...
Is one of them 64 bit and the other 32 bit? If so that'll break. If the
server is 32bit you could build it on your desktop using a 32bit chroot
Hi!
Андрей Коробков korob...@fryxell.ru writes:
I want to set up keyserver, but it's only IPv6.
Would you accept it in the pool?
I don't see any reason to reject such a keyserver and would peer with
you as soon as yours is up!
Regards
Christoph
--
9FED 5C6C E206 B70A 5857 70CA 9655
Андрей Коробков korob...@fryxell.ru writes:
offtop
The only problem is to have such a huge key database being built from dump
on my memory-limited 32-bit home server. When I tried to do the thing on my
64-bit desktop
and then copy the DB files to server, SKS didn't want to start because of
Hi!
Hauke Lampe la...@hauke-lampe.de writes:
On 12.10.2010 00:23, Christoph Egger wrote:
After some more fiddling the firewall's now fine with IPv4 gossip
One problem remains:
Requesting 1 missing keys from ADDR_INET [212.114.250.149]:11371, starting
with C11C28AEA21E0CBF4960BC150B2D62DC
.
For operational issues, please contact me directly.
keyserver.siccegge.de 11370 # Christoph Egger christ...@christoph-egger.org
0xD49AE731
Regards
Christoph
--
9FED 5C6C E206 B70A 5857 70CA 9655 22B9 D49A E731
Debian Developer | Lisp Hacker | CaCert Assurer
A. Because it breaks the logical
.
Regards
Christoph
keyserver.siccegge.de 11370 # Christoph Egger christ...@christoph-egger.org
0xD49AE731
--
9FED 5C6C E206 B70A 5857 70CA 9655 22B9 D49A E731
Debian Developer | Lisp Hacker | CaCert Assurer
A. Because it breaks the logical sequence of discussion
Q. Why is top posting
Christoph Egger christ...@christoph-egger.org writes:
Hi!
Gaudenz Steinlin gaud...@soziologie.ch writes:
Hi Christoph
I would like to peer with your server but I can currently not connect
to it on IPv4. It works on IPv6 though. Is this intentional?
No it's not intentional -- but well
55 matches
Mail list logo