[Sks-devel] Shutting down keyserver.zap.org.au

y dump did not help. And given the current state of the SKS network, it just wasn't worth bothering about debugging the root cause. All the best, everyone! Yours truly, John Zaitseff -- John Zaitseff ,--_|\The ZAP Group Telephone: +61 2 9643 7737 / \ Sydney, Austr

Re: [Sks-devel] Apache setup for refusing to serve bad keys

- [L,G] > (BTW: look at this key: 0xD7FFC063B40A2294B966DB47FF80AE9D1DEC358D [...]) Nice signatures :-) We're playing "whack-a-mole" here. I went through my Apache logs for the last month or so, searching for very large keys being requested, and added these (and ce

Re: [Sks-devel] Apache setup for refusing to serve bad keys

Hi, all again, Slight bug fix: replace: RewriteCond "%{QUERY_STRING}" "search=([^&]+)&?" with: RewriteCond "%{QUERY_STRING}" "search=([^&]+)(&|$)" John Zaitseff -- John Zaitseff

Re: [Sks-devel] Apache setup for refusing to serve bad keys

ex)" RewriteCond "%{QUERY_STRING}" "search=([^&]+)&?" RewriteCond "${badkeys:${lc:%1}|ok}" "!=ok" RewriteRule ^/pks/lookup- [L,G] Yours truly, John Zaitseff -- John Zaitseff ,--_|\The ZAP Group

[Sks-devel] Apache setup for refusing to serve bad keys

. And I can add to the apache-badkeys file any time I like... Yours truly, John Zaitseff -- John Zaitseff ,--_|\The ZAP Group Telephone: +61 2 9643 7737 / \ Sydney, Australia Email: j.zaits...@zap.org.au \_,--._* https://www.zap.org.au/

Re: [Sks-devel] Excessive use of /var/lib/sks/DB/log.*

days ago): pagesize: 32 ptree_pagesize:16 command_timeout: 600 max_recover: 150 I fear, however, that increasing the timeouts simply pushes the problem slightly further down the track... Yours truly, John Zaitseff -- John Zaitseff

[Sks-devel] Script to rebuild SKS databases

something like this, but if not, well, now you can :-) Both files are officially released into the public domain. Yours truly, John Zaitseff -- John Zaitseff,--_|\The ZAP Group Phone: +61 2 9643 7737 / \ Sydney, Australia E-mail: j.zaits...@zap.org.au

Re: [Sks-devel] PTree may be corrupted kills recon service

> then. Ah, yes, I forgot to mention that I had done this as well. Actually, I just created a DB_CONFIG file in /var/lib/sks/DB with one line, "set_flags DB_LOG_AUTOREMOVE". I put the same file in /var/lib/sks/PTree as well, although I don't think it's needed there. Yours truly,

Re: [Sks-devel] PTree may be corrupted kills recon service

/sbin/sks pbuild -cache 50 -ptree_cache 100 > >> > >> SKS restarted fine; so far so good! I'll be keeping an eye on it > >> over the next few days, so I'll report back as needed. > [...] > > Unfortunately the issues is still not resolved. Is nobody else > experiencing this?

Re: [Sks-devel] PTree may be corrupted kills recon service

dering whether someone has found yet another way to take down SKS servers worldwide. It's a bit disappointing that the SKS keyserver source code available on bitbucket.org has not been touched in over a year... is anyone actually working on it? Yours truly, John Zaitseff -- John Zaitseff

Re: [Sks-devel] SKS intermittently stalls with 100% CPU & rate-limiting

urce code. By the way, I tried Phil Pennock's suggestion of removing peers that were significantly behind mine in terms of number of keys, but that made no difference to the situation. Yours truly, John Zaitseff -- John Zaitseff,--_|\The ZAP Group Phone: +61 2 9643 7737

Re: [Sks-devel] Seeking new peers for keyserver.zap.org.au

robably don't need to do this for my own keyserver; I'm just catching up on such peer's requests! Yours truly, John Zaitseff -- John Zaitseff,--_|\The ZAP Group Phone: +61 2 9643 7737 / \ Sydney, Australia E-mail: j.zaits...@zap.org.au \_,--._* htt

[Sks-devel] Seeking new peers for keyserver.zap.org.au

is: keyserver.zap.org.au 11370 # John Zaitseff 0xB0F6BC7F46D30F1432FC46190D254111C4EE569B Yours truly, John Zaitseff -- John Zaitseff,--_|\The ZAP Group Phone: +61 2 9643 7737 / \ Sydney, Australia E-mail: j.zaits...@zap.org.au \_,--._* http://www.zap.org.au

Re: [Sks-devel] HKPS + ssl + nginx

[2-6] \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 # MSIE 7 and newer should be able to use keepalive BrowserMatch MSIE [17-9] ssl-unclean-shutdown /VirtualHost -- John Zaitseff,--_|\The ZAP Group Phone: +61 2 9643 7737

Re: [Sks-devel] Please add me to your 'membership'

/Peering Yours truly, John Zaitseff -- John Zaitseff,--_|\The ZAP Group Phone: +61 2 9643 7737 / \ Sydney, Australia E-mail: j.zaits...@zap.org.au \_,--._* http://www.zap.org.au/ v

Re: [Sks-devel] 1.1.5 is in wheezy-backports

to happen. If you send patches to 678...@bugs.debian.org, it'll make it much more likely to happen sooner! Another small note: the directory should be /var/backups/sks (plural backups, not singular backup) for consistency with the FHS. John -- John Zaitseff,--_|\The ZAP

Re: [Sks-devel] 1.1.5 is in wheezy-backports

the contents of /var/lib/sks/www should be conffiles, too... John -- John Zaitseff,--_|\The ZAP Group Phone: +61 2 9643 7737 / \ Sydney, Australia E-mail: j.zaits...@zap.org.au \_,--._* http://www.zap.org.au/ v

Re: [Sks-devel] Debian and 1.1.5

/apt/sources.list, then: apt-get source sks cd sks-1.1.5 dpkg-buildpackage -us -uc -b cd .. dpkg -i sks_1.1.5-1~zg1_amd64.deb (You will need the dpkg-dev package installed for dpkg-buildpackage). Yours truly, John Zaitseff -- John Zaitseff,--_|\The ZAP Group

[Sks-devel] Question: serving two different SSL certificates under Apache?

-generated certificates, but is it possible to do this within the SAME VirtualHost block, based on environment variables, etc.? Yours truly, John Zaitseff -- John Zaitseff,--_|\The ZAP Group Phone: +61 2 9643 7737 / \ Sydney, Australia E-mail: j.zaits

Re: [Sks-devel] Question: serving two different SSL certificates under Apache?

-keyservers.net certificate when queries come to *.sks-keyservers.net. Can I do this with ONE VirtualHost block in Apache, or must I use two? Yours truly, John Zaitseff -- John Zaitseff,--_|\The ZAP Group Phone: +61 2 9643 7737 / \ Sydney, Australia E

Re: [Sks-devel] Question: serving two different SSL certificates under Apache?

Yours truly, John Zaitseff -- John Zaitseff,--_|\The ZAP Group Phone: +61 2 9643 7737 / \ Sydney, Australia E-mail: j.zaits...@zap.org.au \_,--._* http://www.zap.org.au/ v

[Sks-devel] Seeking peers for keyserver.zap.org.au

! By all means, contact me directly for any operational issues. keyserver.zap.org.au 11370 # John Zaitseff j.zaits...@zap.org.au 0x0D254111C4EE569B Yours truly, John Zaitseff - -- John Zaitseff,--_|\The ZAP Group Phone: +61 2 9643 7737 / \ Sydney, Australia E