Re: anonymify a PGP key legally correctly // Re: ... GDPR takedown request

2022-06-15 Thread Gabor Kiss
ted in court); but one is responsible to make the data > unable to be connected to a person. IMHO it would be enough to strip any The question is: which person? Several people may have identical names. At least 3 different "Gabor Kiss"-es uploaded their keys to the key servers. A

Re: ... GDPR takedown request

2022-06-14 Thread Gabor Kiss
On Tue, 14 Jun 2022, Iñaki Arenaza wrote: > willingness to prove it), he could also use a digital certificate system > that is operated by the government and legally binding in my > country[1][2] (both of us are Spanish citizens). > > And at my request, he has digitally signed a document

Re: ... GDPR takedown request

2022-06-14 Thread Gabor Kiss
eral hits for "Luis Puerto". This seems to be a quite common name (just like mine :). How to figure out if a given record contains name of the "real" Puerto and not another's? What if I get crazy and I want all "Gabor Kiss" records to be deleted? Do you simply bel

Re: keyserver.insect.com GDRP takedown request

2022-05-27 Thread Gabor Kiss
On Fri, 27 May 2022, Wiktor Kwapisiewicz wrote: > > IMHO Mr. Puerto must show some evidence first about the key to delete > > belongs to him. Otherwise any impostor can make delete other guys' key. > > This is actually pretty easy - they could cleartext sign a piece of text. I did not say it

Re: shutdown of pgpkeys.co.uk and pgpkeys.uk

2021-06-23 Thread Gabor Kiss
On Wed, 23 Jun 2021, Andrew Gallagher wrote: > Making sks-keyservers.net point to somewhere that still works has merit. I > would be cautious about taking it on though, as whoever owns it will inherit > Kristian's GDPR problems. You would need to be prepared to respond to RTBF > requests in a

Re: Livelihood statistics of the SKS keyserver network

2021-05-12 Thread Gabor Kiss
d be useful if you could standardize the graphs somehow. I.e. try to PLOT successful_connections per time_interval. Regards Gabor Kiss -- No smoke, no drugs, no vindoze.

Re: Lost membership file. Seeking peers

2021-04-04 Thread Gabor Kiss
On Sun, 4 Apr 2021, Dan Egli wrote: > fighting, the system is back. Unfortunately, in the process I lost my > membership file, so I have no idea who I was peering with. I've plugged in the Check this: https://sks-keyservers.net/status/ks-peers.php?server=jupiter.newideatest.site Gabor -- A mug

Re: An evil idea :-)

2021-03-22 Thread Gabor Kiss
On Mon, 22 Mar 2021, Andreas Puls wrote: > > One can decide to setup a proxy server without any own backend > > but redirecting queries to some of the existing servers. > > No one would recognize the cheating. :-) > > > Looks like somebody already done that :) > Just got a request for the host

Re: Lying about Hockeypuck being SKS?

2021-03-22 Thread Gabor Kiss
On Mon, 22 Mar 2021, Marcel Waldvogel wrote: > a) We leave it as is, Hockeypuck is fine, but just not in the pool. > b) We create a second pool, where Hockeypuck is acceptable (and > probably SKS as well). > c) We agree that Hockeypuck lying to be SKS is accepted in the pool, > and maybe even

Re: seeking peers for hyperboria.net.pl

2020-10-14 Thread Gabor Kiss
On Wed, 14 Oct 2020, Adam Wojcieszonek wrote: > - loaded dump from > keys.niif.hu/ > (14.10.2020) Folks, FYI unfortunately the last successful dump was two months ago on keys.niif.hu. Since then some database corruption prevents dumping. I delete the garbled files from the dump area right now.

Re: Desperately Seeking Kristian - SKS HKPS certificate renewals

2020-06-11 Thread Gabor Kiss
On Thu, 11 Jun 2020, Todd Fleisher wrote: > Has anyone seen or heard from Kristian in the last month or so? I've reached > SKS HKPS pool will become defunct. If anyone has other channels by which to > reach Kristian, please use them to reach out and make sure he is OK & aware > of this impending

Re: 6 million

2020-05-01 Thread Gabor Kiss
On Fri, 1 May 2020, Stefan Claas wrote: > And in case those are not regular or updated keys, are there > any good keydump analyzing tools available which one can use > for analyzing the freely available key dumps? I would create such programs from scratch but I cannot find even the format

Re: keys.niif.hu is down. help needed

2020-01-28 Thread Gabor Kiss
> i have dumps though i might be out of sync. > you can try lowering the batches to import. it'll take longer to import but > is safer. > see the notes in this section: > > http://mirror.square-r00t.net/#dumps-importing Many thanks. :-) "keys.niif.hu back on the air". Gabor

Re: [Sks-devel] searching for new peers

2019-09-08 Thread Gabor Kiss
ur config: keys.niif.hu 11370 # Gabor Kiss 0x3B4A0EFBBD368329 Regards Gabor -- "Wenn ist das Nunstück git und Slotermeyer? Ja! ... Beiherhund das Oder die Flipperwaldt gersput." ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.o

Re: [Sks-devel] Extreme memory usage

2019-07-17 Thread Gabor Kiss
> If you do an 'lsof' you will also see all the dump files (223 when I > built it) are open, even when having done a normal build. The only way > to prevent this is to move the dump directory after the build finishes. > This could also be contributing to the resource consumption. Dump files are

Re: [Sks-devel] Ten thousands new keys

2019-06-19 Thread Gabor Kiss
> In the last 3 days some 3 new keys were uploaded. > The rate is 10 times higher than the average. Update: 6+ new keys arrived just yesterday according to Kristian's statistics. https://sks-keyservers.net/status/key_development.php I copy here for later reference: Keys added today

Re: [Sks-devel] Seeking peers for sks.stsisp.ro

2019-05-04 Thread Gabor Kiss
ks.stsisp.ro 11370 # 0x771a3bcce74c8cdd > > Thank you Dear Emily, You should not add dozens of peers to your membership file with a high hand. Peering is based on arrangements. Gabor Kiss ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel

[Sks-devel] No dumps

2019-03-15 Thread Gabor Kiss
> I have loaded key dumps from http://stueve.us/keydump. > I see 5.450.511 keys loaded. Just a note. steve.us/keydump looks like this: ... sks-dump-0085.pgp 01-Dec-2018 02:22 121M sks-dump-0086.pgp 01-Dec-2018 02:23 126M sks-dump-0087.pgp 01-Dec-2018

Re: [Sks-devel] Annoying malicious keys - any easy solution?

2019-02-17 Thread Gabor Kiss
> So, what can I do? > I know this patch (which seems to be included in debian sks package) to > ignore one special malicious key, but that seems to not help about those > noted above. Is there a patch to add more keys to be ignored? > As some IPs requests the same KeyID over and over again (>100

Re: [Sks-devel] "SKS is effectively running as end-of-life software at this point"?

2019-02-06 Thread Gabor Kiss
> There are a handful of people with the background and skills to write a > next-generation keyserver. I looked into it a dozen years ago and wrote > up a whitepaper on it. I know Phil Pennock has put a lot of thought > into it. Andrew, likewise. There are easily five or six people on this >

Re: [Sks-devel] Another poison-key?

2019-01-29 Thread Gabor Kiss
> 2019-01-29 14:21:22 Adding hash 7594FE72B3E93A0350D9950B926F81A7 > 2019-01-29 14:21:22 Del'ng hash A3875A8B77A3ABADE2B855A8FCABC73D > 2019-01-29 14:22:29 add_keys_merge failed: Eventloop.SigAlarm > 2019-01-29 14:22:38 Key addition failed: Eventloop.SigAlarm > > My best guess is that this key

Re: [Sks-devel] Another Poison Key?

2019-01-17 Thread Gabor Kiss
> i noticed a key, which, whenever one of my peers tries to send it to me, is > failing and causing unstable enlistment in the sks pool list. My typical logs in the same time: > Jan 14 13:54:08 atlas sks[17917]: 2019-01-14 13:54:08 Requesting 100 missing > keys from , starting with >

Re: [Sks-devel] Unusual traffic for key 0x69D2EAD9 and 0xB33B4659

2019-01-12 Thread Gabor Kiss
> Request counted in 2h: > >178 0xB33B4659 > 186 0x69D2EAD9 > 290 0x2016349F5BC6F49340FCCAF99F9169F4B33B4659 > 336 0x1013D73FECAC918A0A25823986CE877469D2EAD9 I checked my logs. 15% of the recent 18k requests were related to these keys. They belong to: FreePBX Module Signing

Re: [Sks-devel] keyserver.brian.minton.name offline for a few days

2018-12-06 Thread Gabor Kiss
> So it looks like the dump from keys.niif.hu got corrupted as well... Ooops! Thanks for the heads-up. I'll check it. Gabor

Re: [Sks-devel] Suspension of sks*.verioweb.de

2018-11-19 Thread Gabor Kiss
> > due to the GDPR discussion and the devs not moving from their point of > > Who do you think "the devs" are? Yeah. AFAIK "dev" is within the name of the list only but the subscribers. There are only operators here. (And a journalist.) Gabor

Re: [Sks-devel] New Article on SKS-Keyservers

2018-11-15 Thread Gabor Kiss
Hehe... This "yakamo k" really does not like the key servers. Gabor -- The Meaning of Life of Brian

Re: [Sks-devel] Seeking peers for keyserver.gnumail.de

2018-10-22 Thread Gabor Kiss
> I am looking for peers for a new SKS keyserver installation. > > I am running SKS version 1.1.6, on keyserver.gnumail.de > It is a private machine. > The server is physically located in Germany (EU). > The machine has no IPv6 connectivity yet. > > I have loaded a keydump from keys.niif.hu,

[Sks-devel] Clustering (Was: New Keyservers and Dumps)

2018-08-24 Thread Gabor Kiss
On Thu, 23 Aug 2018, Kristian Fiskerstrand wrote: > Are the servers clustered in any way? In my experience each site needs > at least 3 nodes to ensure proper operation (mainly if A and B are > gossiping C can still respond to requests, depending on the amount of > traffic / speed of the node to

Re: [Sks-devel] sks.daylightpirates.org is staying

2018-07-19 Thread Gabor Kiss
> My server (sks.daylightpirates.org) currently has an uptime of > 97.95%, but every few hours the "sks db" process spikes to 100% > CPU which makes the web interface completely unresponsive, which > I'm guessing is why I keep getting kicked out of the pool. > > In the db.log, for each of these

Re: [Sks-devel] heads-up: another attack tool, using SKS as FS

2018-07-14 Thread Gabor Kiss
> > Then let's drop keys that don't contain a valid email address in the key id. > > How do you propose to validate the email address? > > (Hint: this is a surprisingly hard problem.) See also "web of trust" and "strong set". Addresses should/can be checked by humans worldwide who sign/certify

Re: [Sks-devel] SKS intermittently stalls with 100% CPU & rate-limiting

2018-06-25 Thread Gabor Kiss
> I have tried almost everything, from downloading a dump and starting the > server sks again to reinstall system and everything else, the result is > always the same, it works well for a while, sometimes an hour sometimes > a little more and suddenly it freezes the key server, reaching 80% >

Re: [Sks-devel] disk full, keys.niif.hu crashed

2018-06-23 Thread Gabor Kiss
On Fri, 15 Jun 2018, Kiss Gabor (Bitman) wrote: > Yesterday at 18:15 (CEST) keys.niif.hu started to produce tons > of logs in /var/lib/sks/DB. In less than 2 hours the 40 GB filesystem > got fulfilled. > Deleting files and restarting processes did not help: > Unfortunately I cannot work on

Re: [Sks-devel] Seeking new peers for keyserver.zap.org.au

2018-06-04 Thread Gabor Kiss
> been fairly quiet since then, but the service is still going, so > it's about time I ask for new peers. Dear John, I wonder what do you expect from more peers? :-) Hanor

Re: [Sks-devel] [GnuPG-devel] Keyservers and GDPR

2018-05-22 Thread Gabor Kiss
> My personal conclusion is that keyservers that support user id packets are, > quite simply, incompatible with GDPR law. Has anyone else thought about this? I did. I agree with you. > From the view of an app, the GDPR requires "privacy by design" and "privacy by > default". This conflicts with

Re: [Sks-devel] SKS apocalypse mitigation

2018-05-05 Thread Gabor Kiss
> I think all SKS servers should attempt to recon with as many other > servers as they can find. The tools exist to walk the network from a > known starting point or points and enumerate all responsive hosts. Why > not have each SKS server walk the network and update the in-memory copy > of its

Re: [Sks-devel] SKS apocalypse mitigation

2018-05-03 Thread Gabor Kiss
> The second, harder, issue with the above is eventual consistency. > > We assume that every peer will eventually see every packet at some > point. But it is entirely possible that all of my peers will put in > place policies against (say) photo-ids, and therefore I may never see a > photo-id

Re: [Sks-devel] server scheduled downtime

2018-02-03 Thread Gabor Kiss
> Do I need to announce it on this list? Sure, you would be quite thoughtful :-) > or how do I remove the server > temporarily from the pool? It is fully automatic. Regards Gabor

Re: [Sks-devel] Descriptive error meesages

2018-01-29 Thread Gabor Kiss
> 2018-01-29 18:05:16 error in callback.: > Sys_error("Connection reset by peer") > > I'm seeing these type of error messages, which is great to know that it > happened, but it begs the question: Who/what was the peer that reset the > connection? > The reverse side (As I'm having the two

Re: [Sks-devel] Out of the pool

2018-01-23 Thread Gabor Kiss
> It appears that my server gpg.nebrwesleyan.edu has been out of the > pool since yesterday. https://sks-keyservers.net/status/ks-status.php?server=gpg.nebrwesleyan.edu These statistics were last updated: 2018-01-23 19:35 (UTC) Status for gpg.nebrwesleyan.edu Latest status OK I cannot see any

Re: [Sks-devel] Unde(r)served HKPS [was: Underserved areas?]

2018-01-14 Thread Gabor Kiss
> Let's Encrypt has the DNS-01 challenge where the admin produces a > verification code that Kristian has to publish into his DNS zone through > a txt record. As soon as this is done the admin can create a certificate > that includes the pool hostname *and* his personal individual > hostname(s)

Re: [Sks-devel] Server currently not in the pool

2018-01-03 Thread Gabor Kiss
> just noticed, that my server keyserver.swabian.net is currently not in > the pool, showing delta -418. is the delta the problem, or are there According to https://sks-keyservers.net/status/ks-status.php?server=keyserver.swabian.net the answer is "yes". > more factors considered? > according

Re: [Sks-devel] Looking for peers

2017-08-24 Thread Gabor Kiss
> I just finished installing and configuring sks on a server I intend to > add to a pool and am now looking for some well-connected servers that > are willing to peer with me. > Please note that my recon port is behind a firewall so connections will > fail until I've opened the firewall for your

Re: [Sks-devel] Request: Install an efficient robots.txt file

2017-06-20 Thread Gabor Kiss
On Tue, 20 Jun 2017, robots.txt fan wrote: > From: robots.txt fan > how can you assume that it was me who uploaded a key with my name on it? Don't worry. I searched your name (i.e. RTF) with Google and no hits came from any key server on the first five pages. :-> >

Re: [Sks-devel] Seeking peers for gpg.phillymesh.net

2017-06-08 Thread Gabor Kiss
> I have loaded a keydump from pgp.key-server.io, dated 2017-07-08. > I see 9 keys loaded. It is too few. Total number of keys is about 4.7 million. Regards Gabor

Re: [Sks-devel] Advertising temporary disconnections?

2017-01-11 Thread Gabor Kiss
> Thanks for letting me know'. Everybody opens a browser at least once a > day (correct me if I'm wrong), so it wouldn't take a minute to browse to > (for example) > https://sks-keyservers.net/status/ks-status.php?server=sks.lockmail.net > to check its status. It is too boring. :-) I have a cron

Re: [Sks-devel] Depeering Notice

2016-09-27 Thread Gabor Kiss
Dear dirk, > My "limit" is "not-ok"-status on Kristians statistik-page and no update > within around 8 to 10 weeks (field "last updated"). Why do you care if (latest) status OK or not? Kristian just marks if a server is pool member or not. A server may be excluded from the pool due to several

Re: [Sks-devel] Great increase in new keys and updated keys on August, 2016, 13 and 16

2016-08-17 Thread Gabor Kiss
> The stats of my sks server (1.1.5) shows a great increase in new keys > and updated keys on August, 2016, 13 and 16 : > > Time | New Keys | Updated Keys > > 2016-08-16 | 27470 | 24231 > 2016-08-15 | 908 | 407 > 2016-08-14 | 586 | 226 >

Re: [Sks-devel] [Announcement] SKS 1.1.6 Released

2016-08-07 Thread Gabor Kiss
> > Out of curiosity, is there any Debian-type repository one can use to > > install updates automatically? > > > https://packages.debian.org/jessie/sks ??? Jessie is the _stable_ version. Its sks package won't be upgraded unless a major security hole will be found in 1.1.5. We hope sid gets

Re: [Sks-devel] hkps certificates

2016-06-13 Thread Gabor Kiss
Dear Kristian, "It's just business nothing personal..." :-) > > Let's start thinking about how to issue HKPS certificates in the future. > > I'm afraid Kristian is too busy to do this. > > > > I'm not too concerned about it, but keep in mind the primary goal for > that is sufficient

Re: [Sks-devel] seeking peers for keyserver.flippylosaurus.eu

2016-05-26 Thread Gabor Kiss
> I'm running a SKS server version 1.1.5 - hostname > keyserver.flippylosaurus.eu. It should be accessible via IPv4 (v6 should Why page http://keyserver.flippylosaurus.eu:11371/pks/lookup?op=stats writes this? HTTP port: 11372 It is quite strange. :-) Gabor -- No smoke, no drugs, no

Re: [Sks-devel] Oh, Jeeez...!

2016-05-24 Thread Gabor Kiss
> I think the only reasonable solution is that every server operator gets a > local blacklist that can be filled with keys / signatures / regex etc. and > that only prevents matched entries from being saved to the database. To > remove a key from all servers, all operators would need to add it to

Re: [Sks-devel] seeking peers for sks.rarc.net

2016-05-20 Thread Gabor Kiss
> Howdy, > I am looking for peers for a new SKS keyserver installation. > > I am running SKS version 1.1.3, on sks.rarc.net. I support a local Dear Chris, Please check these pages: https://sks.rarc.net/pks/lookup?op=stats (i.e. no change since 6th of May)

Re: [Sks-devel] Running SKS keyserver on dynamic DNS

2016-04-26 Thread Gabor Kiss
Dear Pete, > I already run one SKS keyserver, and am thinking of running a second. > The caveat is that the public IP address of the second system > periodically changes. When it does, the DNS name pointing to that > system is updated automatically (typically within a few seconds). > > How

Re: [Sks-devel] Checking dump

2016-01-04 Thread Gabor Kiss
> The dump files are OpenPGP format. You can just use gpg as the tool. For > instance: > gpg < /var/lib/sks/dump/sks-dump-0203.pgp I see. Thanks for the hint. Now if I count lines with 'packet:' string in output of "gpg --list-packets" the result is only 406929. Even if I sum every lines of

Re: [Sks-devel] Proposal: Start verifying self-signatures

2015-05-19 Thread Gabor Kiss
I really like the idea of only accepting self-signed stuff as it would raise the bar for vandalism. No one is kept from generate a million of new regular looking self signed keys with some additional unwanted content. Gabor

Re: [Sks-devel] Proposal: Start verifying self-signatures

2015-05-18 Thread Gabor Kiss
I guess the real problem for further key-server development is there is no common vision or goal for the SKS-network. I really doubt it is possible we ever agree on one (or even multiple) either ;-) SKS network is a big white wall where everyone can paint. :-) I wonder why is not fulfilled

Re: [Sks-devel] sks hiddden service

2015-04-28 Thread Gabor Kiss
Did you know about some official sks hidden service i could add to my membership file? There is: t3iqlf4oumhz2zg3.onion 11370 And that one is exactly the same as: keys.techwolf12.nl 11370 What is the use of starting a hidden service if the server otherwise is totally public and well

Re: [Sks-devel] memory leak

2015-03-14 Thread Gabor Kiss
At first sight memory footprint of sks recon is drastically reduced. ... but after a few hours suddenly it grew again. http://bakacsin.ki.iif.hu/~kissg/tmp/memory-day.png May be hunt for misbehaving peers. Flow analysis shows almost no traffic on port 11370 yesterday between 21:20 and

Re: [Sks-devel] memory leak

2015-03-13 Thread Gabor Kiss
Dear Robert, Did you check the cache value in /etc/sks/sksconf. for my server, i have # max cache DB cache: 80 I have no such settings. sksconf is unchanged since Dec 17 2013. Now I add this entry. Then I listen and wait. :-) Thanks. Gabor -- A mug of beer, please. Shaken, not

Re: [Sks-devel] memory leak

2015-03-12 Thread Gabor Kiss
Last Friday I reorganized disk partitions used by SKS. At first sight it was all right but now I found, that recon process consumes the whole memory: I already restarted it yesterday but today I'm out of memory again. My system: Stock Debian wheezy. Package version is 1.1.5-1~bpo70+1.

Re: [Sks-devel] sks-keyservers.net moved

2014-12-13 Thread Gabor Kiss
I've just moved sks-keyservers.net to a new server on another location, so please let me know if any unexpected issues should arise over the next few days and I'll start the old host again instead. The new site seems to have some certificate problem. Iceweasel (Firefox) says:

Re: [Sks-devel] New key server, request for peering

2014-11-26 Thread Gabor Kiss
I have a new keyserver running and would like to peer with other servers. Please add me to your 'membership' file with the following entry and provide your details in return so I can do the same: keyserver.erat.systems 11370 # Jens Erat em...@jenserat.de 0xA4FF2279 Dear Jens, Have you

Re: [Sks-devel] quality of keyservers offering hkps

2014-08-14 Thread Gabor Kiss
You can still block certain packets from up/downloads (i.e. not providing signature packets for some key -- kind of a DoS when checking a trust path) We spoke about information leakage and manipulation so far. DoS is a quite other topic. SKS network is quite vulnerable from this point of view. A

Re: [Sks-devel] quality of keyservers offering hkps

2014-08-13 Thread Gabor Kiss
In case of the last remaining 7 servers (= every 5th server) the test showed an exploit opportunity related to CVE-2014-0224 [4], which can be eliminated by simply updating the OpenSSL package on these systems. As I'm not that much deep in the topic I'm not sure about the impact of this issue

Re: [Sks-devel] Peering Request

2014-07-10 Thread Gabor Kiss
I have set up a new key server with a key dump that's roughly a week old. You have 1.50 million keys only. Try again until you get 3.67 million. Gabor

Re: [Sks-devel] new keyserver is running...

2014-06-18 Thread Gabor Kiss
Dear Michael, I have a new keyserver running and would like to peer with other servers. Please add me to your 'membership' file with the following entry and provide your details in return so I can do the same: Err... how did you establish peer connection with eu.pool.sks-keyservers.net?

Re: [Sks-devel] Seeking peers for pgp.archreactor.org

2014-06-13 Thread Gabor Kiss
List doesn't appear to be ack'ing my emails. Testing from gmail. We got all the tree. But archive lacks of them. http://lists.nongnu.org/archive/html/sks-devel/2014-06/index.html Gabor

Re: [Sks-devel] Heartbleed ans HKPS pool

2014-05-28 Thread Gabor Kiss
Could you please explain the color-codes (on the page?). Red/green is obvious, but I don't know where this orange color for hkps sites comes from (SNI?) Indeed, or the meta page for the server in question. By the way. Kristian! May I suggest you to use title=explanation attributes within td

Re: [Sks-devel] Heartbleed ans HKPS pool

2014-05-24 Thread Gabor Kiss
On Wed, 9 Apr 2014, kristian.fiskerstr...@sumptuouscapital.com wrote: You are quite correct, and I will revoke and issue new certificates as I get CSRs signed with the same openpgp keys that I originally got requests from. Dear Kristian, Please consider to remove vulnerable servers from HKPS

Re: [Sks-devel] Changes to sks-keyservers.net pools

2014-05-11 Thread Gabor Kiss
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 In recognition of package-maintainers backporting the security fixes to older versions of SKS for stable systems I'm revising the latter statement a bit. I have now implemented a test for affected servers instead of relying on the version

Re: [Sks-devel] Changes to sks-keyservers.net pools

2014-05-06 Thread Gabor Kiss
Might I suggest that there be some time given for servers to be upgraded before making this change? My servers run a stable baseline distro but I deploy SKS via backported packaging which hasn't been upgraded and I'm not going to compromise my system and run hand rolled source deployments as

Re: [Sks-devel] [Announcement] SKS 1.1.5 Released

2014-05-05 Thread Gabor Kiss
On Mon, 5 May 2014, Kristian Fiskerstrand wrote: We are pleased to announce the availability of a new stable SKS release: Version 1.1.5. Dear Daniel, Do you plan to create a Debian package for wheezy? Regards Gabor

Re: [Sks-devel] old certificates

2014-04-29 Thread Gabor Kiss
I'm not on the list and if you connect to my server I did not. This was the command: for server in a.keyserver.pki.scientia.net key.adeti.org key.ip6.li \ keys.alderwick.co.uk keys.fedoraproject.org keys.niif.hu keys.sflc.info \ keys2.alderwick.co.uk keys2.kfwebs.net

Re: [Sks-devel] Configuring the reverse proxy to support large keys - HTTP error 413

2014-04-28 Thread Gabor Kiss
I have not yet implemented an automated check for this in the pool (and a bit unsure how I'd do it without actually sending large amount of data to the server during the check, something I generally want to avoid), but might run a semi-manual / scripted check and add affected servers to the

Re: [Sks-devel] Heartbleed ans HKPS pool

2014-04-09 Thread Gabor Kiss
You are quite correct, and I will revoke and issue new certificates as I get CSRs signed with the same openpgp keys that I originally got requests from. So we should just wait for new certificates. Right? :) All of us have to generate new secret key and signing request first. Gabor

Re: [Sks-devel] Peering etiquette reminder

2014-04-06 Thread Gabor Kiss
Having just spent about an hour sifting through my recon.log and trying to track down the number of unauthorized gossip attempts I was seeing I've stopped. I've already contacted a few that I was able to identify and instead just figured I'd blanket the list as it seems to be a wider

Re: [Sks-devel] SKS Peering Request

2014-03-16 Thread Gabor Kiss
I have just set up a new key server and am looking for others to peer Dear Klaus, Your database is empty. Load a keydump first. BTW, Could you run a traceroute to keys.niif.hu? Gabor

Re: [Sks-devel] HKPS configuration?

2014-02-11 Thread Gabor Kiss
hkps is basically a 443 to hkp forward - I am using nginx for that. Just be SURE you do NOT use SNI or rely/ need a vhost/hostname as some client/most clients (gnupg) do not send this information. It is actually only feasible on a dedicated IP for SKS where Port 443 is solely used for

Re: [Sks-devel] seeking peers for sks.pgp.plitc.eu

2013-12-29 Thread Gabor Kiss
well, i'm waiting for permission to activate the individual server ? People who want peering with you will write soon. You also may reply other partner seeking requests. Don't be impatient. :-) Gabor -- Virgil Brigman back on the air

Re: [Sks-devel] seeking peers for sks.pgp.plitc.eu

2013-12-28 Thread Gabor Kiss
I am looking for peers for a new SKS keyserver installation. I am running SKS version 1.1.4, on keyserver.plitc.eu. {We are an ISP with public services}. The server is physically located in Germany (EU). The machine has IPv6 connectivity. Dear Daniel, Your status page says your server

Re: [Sks-devel] offtopic: encrypt.to

2013-12-12 Thread Gabor Kiss
Simple, we're using client side encryption, you can review the javascript code in your browser. The server/service receives encrypted messages and send it to the receiver. The server/service can't decrypt your message, it's PGP. I think that what Gabor meant was that *maybe* a client will

Re: [Sks-devel] keys.niif.hu changed

2013-12-12 Thread Gabor Kiss
good luck on the move. i'm running the instances in virtual environments myself, so please let us know if you encounter any issues. there used to be a timer issue that influenced virtual machines more frequently than physical boxes that affected the recon process. this is hopefully fixed in

Re: [Sks-devel] offtopic: encrypt.to

2013-12-12 Thread Gabor Kiss
Dear David, These are the same problems that are always present. First, there's the usability versus function (and it is really sad that these have become opposite poles), and second, there's the competence to audit code, which is probably an issue for an even greater number of people than

Re: [Sks-devel] IPv4 vs. IPv6? -- Reconciliation attempt from unauthorized host, but host is authorized

2013-11-27 Thread Gabor Kiss
i'm running sks 1.1.4 on Debian GNU/Linux, wheezy, amd64 (x86_64) platform. 1.1.3, squeeze/i386 Can anyone with a dual-stack machine (both IPv6 and IPv4) verify a successful connection from an IPv4-only peer in their recon logs? I can see no similar log messages. Gabor

Re: [Sks-devel] Question about apache2 configuration

2013-11-20 Thread Gabor Kiss
But I had a problem. When sks was set to listen on port 11371, apache complained about listening on the same port. So I have changed the sks port to 11372 and configured Proxy to this port: VirtualHost *:80 *:11371 ServerName klucze.achjoj.info Proxy * Order deny,allow

Re: [Sks-devel] ipv6 keyserver

2013-11-06 Thread Gabor Kiss
I was already running keyserver.linuxpro.nl on ipv4, I started testing with sixxs ipv6 tunnel. If you like, you can test keyserver.linuxpro.nl on ipv6: 2001:610:600:6da::2 Gee! RTT is 53.5 ms over IPv4 but 23.7 over IPv6 from keys.niif.hu. :-) Gabor

Re: [Sks-devel] About deleting keys

2013-11-04 Thread Gabor Kiss
How about a big, ugly label at the top of your search page: NOTICE: Access from the EU forbidden. Stupidity like that solves a (technically unenforceable) legal issue with another (technically unenforceable and equally stupid) legal claim. I wanted to propose some similar. Each servers

Re: [Sks-devel] About deleting keys

2013-11-04 Thread Gabor Kiss
On Mon, 4 Nov 2013, robert.O wrote: I think this is the openpgp and Gnupgp to modify the program and add: 1- revoke the key without deleting data 2 - revoke the key and delete data *Then sks-server respect**the orders of the owner of the private key* Arnold wrote: | If I remember right,

Re: [Sks-devel] reverse proxies and the pool

2013-10-30 Thread Gabor Kiss
Whatever the decision, could you provide documentation for configuration of such a reverse proxy for both Apache and Nginx? What I miss is a set of diagnostic procedures/recipes that could help an operator to figure out if his server fits various requirements. Like this was on Monday: |

Re: [Sks-devel] Possible solution to delete keys

2013-10-29 Thread Gabor Kiss
On Tue, 29 Oct 2013, dirk astrath wrote: I suggest to sign the to-be-deleted-key with a special signature, which causes the personal data of this key not to be displayed. http://lists.nongnu.org/archive/html/sks-devel/2012-05/msg00153.html :-)

Re: [Sks-devel] reverse proxies and the pool

2013-10-28 Thread Gabor Kiss
With a great number of the SKS servers already in the pool now supporting a reverse proxy[a] does it make sense to make this a hard-requirement for inclusion in the pool in order to increase availability? 1 vote against it. (Sorry if I seem to be ungrateful. :) Ideally, if network traffic

Re: [Sks-devel] Request for SKS Peers

2013-08-01 Thread Gabor Kiss
I have a new keyserver running and would like to peer with other servers. Please add me to your 'membership' file with the following entry and provide your details in return so I can do the same: pgp.megagod.net 11370 # Kullawat Chaowanawatee e29...@gmail.com 0xC19EAE3A It is ...

Re: [Sks-devel] keyserver.maze.io known as key-server.nl

2013-03-19 Thread Gabor Kiss
As of today keyserver.maze.io. will be known as key-server.nl, the old DNS alias will remain existent in the near future, but please refer to key-server.nl in the future. There is no record for the latter one. Anyway. Unless you plan to cancel the entire maze.io domain there is no

Re: [Sks-devel] new keyserver

2012-11-23 Thread Gabor Kiss
On Tue, 6 Nov 2012, Ronny Wagner wrote: I have a new keyserver running and would like to peer with other servers. Please add me to your 'membership' file with the following entry and provide your details in return so I can do the same: keys-01.licoho.de 11370 Dear Ronny, I did add your

Re: [Sks-devel] sks-keyservers.net down for a few days

2012-09-06 Thread Gabor Kiss
the website for sks-keyservers.net will be down for a few days after some technical difficulties. The pool itself should operate (no change to DNS records), the data will just not be updated. Note: DNS advertises 213.161.224.2 as one of possible addresses of pool.sks-keyservers.net. This may

Re: [Sks-devel] sks-keyservers.net: Now in the monkeysphere

2012-08-10 Thread Gabor Kiss
As an FYI; I've now added HTTPS/TLS support to https://sks-keyservers.net . It is part of the monkeysphere[0], i.e. using a self-signed certificate that can be verified through the Web of Trust of OpenPGP. The KeyID of the certificate should is 0xd71fd9994af34f0b and can be found in the

Re: [Sks-devel] 0xd5920e937cc1e39b shows signatures with 0xca57ad7c continuing?

2012-06-04 Thread Gabor Kiss
Actually it is not true that SKS does not modify certs. AFAIK, no one in this discussion ever claimed it does. It was claimed I did not say that someone stated this. :-) However I say: if one kind of modification is allowed then the other is also possible. that SKS never deletes

Re: [Sks-devel] 0xd5920e937cc1e39b shows signatures with 0xca57ad7c continuing?

2012-05-30 Thread Gabor Kiss
I'm with Rob. The keyservers should always host full certificates. Once we start expiring keys or modifying them by removing bits, we become the Untrusted Keyserver Cabal. Many would abandon us, probably forking to create a There is no guarantee that one can trust all of current key servers.

Re: [Sks-devel] 0xd5920e937cc1e39b shows signatures with 0xca57ad7c continuing?

2012-05-30 Thread Gabor Kiss
If I was related to certain Asian governments I'd set up a fake key server that is the only reachable from the country then I'd serve manipulated keys to certain clients. How do you propose to manipulate those keys? Do you have some way of breaking RSA that we don't know about? You

Re: [Sks-devel] 0xd5920e937cc1e39b shows signatures with 0xca57ad7c continuing?

2012-05-28 Thread Gabor Kiss
Plus, the instant there's a committee the committee members will likely become legally responsible for the content of the network. If someone Mostly you are right. However this legal issue can be solved if the individual SKS server operators may decide if they accept the committee's suggestion
