Re: Desperately Seeking Kristian - SKS HKPS certificate renewals

lso be avalable fresh copy through wkd) -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35A

Re: Debian sks.service: Main process exited, code=killed, status=11/SEGV

> > > I'd guess it hitting a stack limit during merge of a large key. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5

Re: hkps.pool.sks-keyservers.net DNS failing to resolve

d for any actual issues anyways), but won't get around to actually updating the crl until this evening or more likely tomorrow as that requires special access. -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk --

Re: hkps.pool.sks-keyservers.net DNS failing to resolve

On 15.01.2020 02:28, Todd Fleisher wrote: > Hopefully Kristian finds and fixes his issue in the morning. thanks for the heads up everyone; should be back up on next update run (cause: crl expired) -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.

Re: cant build dabase

On 13.12.2019 00:56, Skip Carter wrote: > correction, the errors are stackoverflows not segfaults > ulimit -s unlimited before building. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public O

Re: [Sks-devel] Status page problem

Regards > > Gabor > -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 Corruptissima re public

Re: [Sks-devel] Sks-devel Digest, Vol 184, Issue 26

Mail: ja...@insect.com <mailto:ja...@insect.com> >Phone: (910) 689.0557 > (800) 284.7872 >Fax: (910) 689.0558 > > > >> On Aug 22, 2019, at 12:14 PM, Kristian Fiskerstrand > wrote: >> >> On 22.08.2019 18:08, Jason John Schwarz wrote: >>> I

Re: [Sks-devel] Sks-devel Digest, Vol 184, Issue 26

ly you specify it on a per user basis in /etc/security/limits.conf . See also man ulimit for a one-off, e.g ulimit -s unlimited before starting sks. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public O

Re: [Sks-devel] Shutting down keyserver.zap.org.au

Fwiw, that error sounds like too small stack size for the process - in an alternative universe it would be interesting to hear your experience running with a higher stack limit On August 21, 2019 9:16:05 PM GMT+02:00, John Zaitseff wrote: >It is with feelings of sadness and regret that I will

Re: [Sks-devel] extending status pages

See Membership fileSee reference membership file On July 30, 2019 9:51:31 PM GMT+02:00, "Kiss Gabor (Bitman)" wrote: >Dear Kristian, > >I have a suggestion about status pages. >Would you mind to provide information about what other hosts >consider a given server as a peer? > >I mean it could be

Re: [Sks-devel] SKS initial key load issue

My guess is you need to increase stack size On July 28, 2019 5:37:58 PM GMT+02:00, Marcin Gondek wrote: >Hello All, > >Can someone help me or instruct why every time I do initial key load >i'm getting always getting segfault? >I've tried with many dump and always is the same. >MD5 are ok about

Re: [Sks-devel] Website down

Yes, it is a scheduled power outage and should be back up soon, the pool itself functions but wont update in the window. On July 10, 2019 1:29:29 PM GMT+02:00, "Kiss Gabor (Bitman)" wrote: >Dear Kristian, > >I wonder if you know that https://sks-keyservers.net/ is unreachable? > >Regards >

Re: [Sks-devel] Gossip protocol mentor?

lemented in the conflux libary and documentation. https://hockeypuck.github.io/ https://gopkg.in/hockeypuck/conflux.v2 -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://po

Re: [Sks-devel] The pool is shrinking

at much, but you need at least 8 GiB of RAM allocated for each node and sufficient swap or recon will often get OOM-killed. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://po

Re: [Sks-devel] The pool is shrinking

ints I get from users has dropped significantly). And its not really a strict requirement, one can set up VMs / chroots for it on a relatively small server. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk --

Re: [Sks-devel] understanding error message

Have you run sks cleandb during setup phase? The setup scripts should include it.. On June 4, 2019 3:38:38 AM GMT+02:00, Skip Carter wrote: >my recon logs have messages like these: > > > error in callback.: Failure("configuration of >remote host () rejected: filters do >not match.\n\tlocal

Re: [Sks-devel] Keyservers and GDPR

oradically due to merges. Now, this is somewhat better for the general pool since https://dev.gnupg.org/T4175 results in retry on failover for 5xx codes, but has caused a lot of problem reports in the past and not all distros ship this in stable versions. -- ---- Kri

Re: [Sks-devel] IPv6 status

locked by firewall or something? curl "http://[2001:738:0:600:216:3eff:fe02:42]:11371/pks/lookup?op=stats; .. times out from the system ipv6 tests are done on -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk

Re: [Sks-devel] DNS broken for hkps.pool.sks-keyservers.net

in case he filters sks-devel mail. > Well, its a simple enough issue. the CRL expired, so no host validated anymore.. Services should be returning to normal soon enough. Thanks for the ping. -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twi

Re: [Sks-devel] Data protection concern[Ref. RFA0751305]

On 3/8/19 3:19 PM, Andrew Gallagher wrote: > On 08/03/2019 14:15, Kristian Fiskerstrand wrote: >> The ICO has concluded in this case and no further action will be taken >> from them. > > Was there any legal reasoning attached to this decision? It was a relatively good

Re: [Sks-devel] SKS scaling configuration

add_header Via "1.1 keys2.kfwebs.net"; proxy_ignore_client_abort on; } } -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034

Re: [Sks-devel] Data protection concern[Ref. RFA0751305]

send and receive when dealing with > casework. Not only are we obliged to deal with these in accordance with > the access provisions of the data protection framework and the Freedom > of Information Act 2000, it is in the public interest that we are open > and tra

Re: [Sks-devel] "SKS is effectively running as end-of-life software at this point"?

tation. The current disagreement are really with regards to whether this should be "validating keyservers" or not, and how such servers could interact with non-validating ones. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com T

Re: [Sks-devel] Unusual traffic for key 0x69D2EAD9 and 0xB33B4659

for 10 minutes in nginx, which really makes life more pleasant. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B6

Re: [Sks-devel] Withdrawal of Service - keys.flanga.io

On 11/16/18 2:08 AM, Matthew Walster wrote: > Good lord, Kristian, you have to deal with these people on a regular basis? Yes -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keybl

Re: [Sks-devel] Withdrawal of Service - keys.flanga.io

(as long as users understand their position). -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3

Re: [Sks-devel] Changes to requirements for the HKPS pool

On 7/3/18 11:01 PM, Phil Pennock wrote: > On 2018-07-03 at 12:51 +0200, Kristian Fiskerstrand wrote: >> However, going forwards I'm going to request additional information >> about the server hardware (already requesting info on line capacity for >> SRV pool purposes)

Re: [Sks-devel] Clustering

the usual advantages if there are other outages, e.g during system upgrade, but for the purposes we're talking it just needs to be multiple instances. -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Publi

Re: [Sks-devel] Clustering (Was: New Keyservers and Dumps)

-expected send a response and request a signed confirmation] > On 26 Aug 2018, at 18:44, Alain Wolf wrote: > > Hi > > Am 24.08.2018 um 14:36 wrote Kristian Fiskerstrand: >> On 08/24/2018 11:36 AM, Gabor Kiss wrote: >>> A question: >>> Does an SKS cluster ne

Re: [Sks-devel] No status page

On 08/24/2018 06:58 PM, Kristian Fiskerstrand wrote: > On 08/24/2018 06:56 PM, Kiss Gabor (Bitman) wrote: >> Dear Kristian, >> >> Page https://sks-keyservers.net/status/ contains no key servers. > > Yup, I'm on it > Not entirely sure what went wro

Re: [Sks-devel] New Keyservers and Dumps

o hkps pool, in particular since noticing an interesting feature if only one server is included, which disables pool behavior in dirmngr and results in TLS error / generic error due to CA pem not being loaded... -- ---- Kristian Fiskerstrand Blog:

Re: [Sks-devel] Changes to requirements for the HKPS pool

On 07/03/2018 12:51 PM, Kristian Fiskerstrand wrote: > Although the requirements to get included in the HKPS pool have so far > been a bit subjective and changing over time as I've gotten more > experience (and balancing out the requirements for the pool - it is not > the point for m

[Sks-devel] Changes to requirements for the HKPS pool

gossipping), and servers that do caching on the reverse proxy. Additionally low-CPU/low-memory setups will not be permitted into the HKPS pool. -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP

Re: [Sks-devel] Keyserver Network Down?

On 06/19/2018 11:17 PM, Kristian Fiskerstrand wrote: > On 06/19/2018 11:09 PM, Kristian Fiskerstrand wrote: >> On 06/19/2018 10:53 PM, Matthew Walster wrote: >>> The keyserver status page seems broken also: >>> https://sks-keyservers.net/status/ >> >> T

Re: [Sks-devel] Keyserver Network Down?

On 06/19/2018 11:09 PM, Kristian Fiskerstrand wrote: > On 06/19/2018 10:53 PM, Matthew Walster wrote: >> The keyserver status page seems broken also: >> https://sks-keyservers.net/status/ > > This was an intermittent failure, should be back up now.. Needed to > shi

Re: [Sks-devel] Keyserver Network Down?

On 06/19/2018 10:53 PM, Matthew Walster wrote: > The keyserver status page seems broken also: > https://sks-keyservers.net/status/ This was an intermittent failure, should be back up now.. Needed to shift around some primaries to bootstrap the crawler. -- ---- Kr

Re: [Sks-devel] Keyservers and GDPR

an: > https://netzpolitik.org/2018/bussgelder-bei-datenschutzverstoessen-angst-vor-einem-phantom/ > > > Disclaimer: IANAL. This is not legal advice. > > > > ___ > Gnupg-devel mailing list > gnupg-de...@gnupg.org > http://li

Re: [Sks-devel] Strange case

On 05/20/2018 10:14 PM, Kristian Fiskerstrand wrote: > On 05/20/2018 01:31 AM, Webmaster IspFontela wrote: >> >> Now we just need to find out why the server a.0.keysnode.ispfontela.es >> on the list https://sks-keyservers.net/status/ has disappeared, I guess >> th

Re: [Sks-devel] Inconsistency on vindex page with machine-readable flag set or unset?

ig. But it is so long ago I don't recall if we checked if it was used everywhere. -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net

Re: [Sks-devel] Implications of GDPR

the whole GDPR is a mess to begin with. -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60

Re: [Sks-devel] Cease of operation: *.gnupg.pub

ginal report reads too much like a rant and has insufficient info to comment much. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 51

Re: [Sks-devel] Cease of operation: *.gnupg.pub

ired.com/2012/05/torvalds-github/ and comments starting with at least https://github.com/torvalds/linux/pull/17#issuecomment-5654674 -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public

Re: [Sks-devel] disk space

[Sent from my iPad, as it is not a secured device there are no cryptographic keys on this device, meaning this message is sent without an OpenPGP signature. In general you should *not* rely on any information sent over such an unsecure channel, if you find any information controversial or

Re: [Sks-devel] SKS apocalypse mitigation

e need to specify a specific filter for a specific version and move from there, which can be relatively easy given sufficient time. > > --dkg > > [0] see for example > https://bitbucket.org/skskeyserver/sks-keyserver/pull-request/20/trim-local-certifications-from-any-handled >

Re: [Sks-devel] TLS 1.3 and HKPS pool

he deluge of meltdown/spectre/memcached) so I don’t see the need/reason > to disable TLS1.2 I was referring to server operators here, not clients, if that wasn't clear :) -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk ---

Re: [Sks-devel] TLS 1.3 and HKPS pool

one were to actually disable everything but 1.3, that'd be exclusion worthy from the pool, but lets do this manually if so. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at

Re: [Sks-devel] Machine readable version of SKS key server stats

On 02/15/2018 09:46 AM, Kristian Fiskerstrand wrote: > On 02/15/2018 05:51 AM, Eric Germann wrote: >> Good evening all, >> >> Are there any docs anywhere regarding the HTTP request that can be made on >> port 11371? >> >> Specifically, wondering if /p

Re: [Sks-devel] Machine readable version of SKS key server stats

for server stats, etc. > > Thanks for any pointers. > > EKG Look at json format for =mr on a hockeypuck server -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool

Re: [Sks-devel] SKS Statistcs

uscapital.com/?p=munin-sks.git;a=summary Keep in mind stats by default are updated once a day and by convention hourly through system signals -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP

Re: [Sks-devel] disk space

DB files using db*_archive? -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60

Re: [Sks-devel] Krisitian?

address, please let me know back privately. > >Thanks > >EKG I've gotten the emails :) still doing due dilligence for csr decision of whether to sign or not, server is a bit nee and I prefer strongly connected (wot strongset) operators -- Kristian Fisker

Re: [Sks-devel] Fwd: Re: Fwd: Re: Unde(r)served HKPS [was: Underserved areas?]

didn't know the first thing about security hardcoded > that certificate into the software. To make sure this isn't un-challenged in the archives, the secret key never touches an online system, all operations are done on airgapped setup. -- ---- Kristian

Re: [Sks-devel] Unde(r)served HKPS [was: Underserved areas?]

On 01/14/2018 08:46 PM, Kristian Fiskerstrand wrote: > From a privacy perspective, then yes, using HKPS transport is better, > but it doesn't improve anything if malicious servers are included in > some way that records information anyways, so having all servers > included red

Re: [Sks-devel] Unde(r)served HKPS [was: Underserved areas?]

ub-pools are doing anything re HKPS, that is a single global pool. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 3

Re: [Sks-devel] Unde(r)served HKPS [was: Underserved areas?]

scussion, nobody is required to use a single pool of keyservers. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5

Re: [Sks-devel] Unde(r)served HKPS [was: Underserved areas?]

ards >> >> Alain >> >> >> >> ___ >> Sks-devel mailing list >> Sks-devel@nongnu.org >> https://lists.nongnu.org/mailman/listinfo/sks-devel A misissued cert could still be used if attacker is persistent enough. Either through dns poision or

Re: [Sks-devel] sks-keyservers.net / status / keyserver.ispfontela.es

On 12/18/2017 10:00 PM, Webmaster IspFontela wrote: > > The only change I've made has been to add 2 new peers > > What has happened? Seems the stats page is a non-standard one so it just fails scraping the data. -- ---- Kristian Fiskerstrand

Re: [Sks-devel] "funny sks :-)" eh?

> this infrastructure. That is actually a few years old, using the regular [trollwot] > > http://keys.niif.hu/pks/lookup?op=vindex=0x0B7F8B60E3EDFAE3 > (scroll down) > References: [trollwot] https://raw.githubusercontent.com/micahflee/trollwot/master/trollwot.pdf -- --

Re: [Sks-devel] Emergency Maintenance: sks.mirror.square-r00t.net

things are restored, but to try to debug this more generally, can you confirm you used fastbuild rather than a full build originally? In that case the offsets referenced can have been changed during this process, and the behavior being within the expected behavior. -- --

Re: [Sks-devel] Cleanup SKS Logs

existing data stores. Some changes to config requires recreating the BDB environment, which can be done using the UPGRADING procedures, but you'd mostly need to do that if experiencing issues / it not taking. -- Kristian Fiskerstrand Blog: https://blog.sumptuousca

Re: [Sks-devel] mailsync usage

On 12/08/2017 08:34 PM, Fabian A. Santiago wrote: > is there any reason to enable mailsync functionality? does anyone out there > still use it? tl,dr; No -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @k

Re: [Sks-devel] Cleanup SKS Logs

e info on manual procedure in UPGRADING file, specifically look for db5.3_archive or similar for your distribution (there are some differences in naming conventions etc for multiple versions) -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @k

Re: [Sks-devel] Missing peers on status page

hopefully that sorts it. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 Nil desp

Re: [Sks-devel] Missing peers on status page

On 10/04/2017 02:52 PM, Frank de Bot wrote: > Wouldn't this cause to also route a search with 'stats' only to the > primary server? ;-) $arg_op in this case actually means "?op" as key, its not an arbitrary key in the querystring :) -- ---- Kristian F

Re: [Sks-devel] Missing peers on status page

re defined as upstream -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3

Re: [Sks-devel] Missing peers on status page

p/Screenshot_2017-10-04-08-52-45.png -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 "We all die.

Re: [Sks-devel] Raising the floor for the pool to SKS version 1.1.6 [was: Re: Importing ed25519 subkeys from SKS < 1.1.6]

crease in requirement in main pool will automatically affect the subpools. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35A

Re: [Sks-devel] Raising the floor for the pool to SKS version 1.1.6 [was: Re: Importing ed25519 subkeys from SKS < 1.1.6]

n all the > pools. already done -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 -

[Sks-devel] sks-keyservers.net: increased minimum requirement to SKS 1.1.6

/2017-September/033063.html -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3

Re: [Sks-devel] Internal SKS in .de, Hamburg looking for peers.

y default 11371) to your peers at least to allow exchange of some public keyblocks. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109

Re: [Sks-devel] hg workflow pointers

social graph leak. ... noting of which is a result of the choie of VCS impacting this to a great extent. If anything we'd need to rewrite the full codebase in C for such an argument to be made. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com

Re: [Sks-devel] hg workflow pointers

curial queues etc. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3E

Re: [Sks-devel] hg workflow pointers

On 08/08/2017 03:27 PM, Kristian Fiskerstrand wrote: > that is added > as a single commit upon qmerge To avoid any ambiguity, this should be qfinish... qmerge is similar step in the Gentoo Portage process... -- ---- Kristian Fiskerstrand Blog:

Re: [Sks-devel] hg workflow pointers

On 08/08/2017 03:27 PM, Kristian Fiskerstrand wrote: > There are likely a few different questions resulting from this (my own > opinions in separate email). And here they come > (i) Should we use git for revision control instead of mercurial? I'm personally more involved in projects

Re: [Sks-devel] hg workflow pointers

validates (i) and (ii) as the workflow is simplified (hg export), so in terms of the processes of commits and we'd avoid any move (wiki and issue tracker stays the same). -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitt

Re: [Sks-devel] SKS Loadbalancing over DNS

On 07/15/2017 01:34 PM, Kristian Fiskerstrand wrote: > On 07/15/2017 11:39 AM, Moritz Wirth wrote: >> Good morning everybody, >> >> is it possible to loadbalance SKS/Nginx using multiple A records for the >> hostname? > > The keyserver pools operate as

Re: [Sks-devel] SKS Loadbalancing over DNS

could result in exclusion from the pool. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B

Re: [Sks-devel] OCaml vs hyperthreading

beddcd -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 "Money is better than pover

Re: [Sks-devel] OCaml vs hyperthreading

On 06/26/2017 06:16 PM, Andrew Gallagher wrote: > OCaml appears to make (dis?)optimisations that trigger a rare Intel > hyperthreading bug with increased probability. The way I'm reading it is; When ocaml breaks it is due to a processor misbehaving :) -- ---- Kr

Re: [Sks-devel] Request: Install an efficient robots.txt file

for heads up, given that robots.txt wasn't previously tracked but created directly on server there ended up a conflict on update for the file... -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Publi

Re: [Sks-devel] Request: Install an efficient robots.txt file

ust the same; and the full data set is available and part of regular workflow for bootstrapping own servers. References: [added it now] https://git.sumptuouscapital.com/?p=sks-keyservers-pool.git;a=commit;h=b98e7522990961541165dfc23781a45a1a5e05a9 -- ---- Kristian Fiskerstrand

Re: [Sks-devel] Request: Install an efficient robots.txt file

On 06/20/2017 05:56 PM, Ari Trachtenberg wrote: > Not quite ... each server can decide which keys it want s to accept. > Bad actors will eventually fall out of favor with the others. Now we presume a non-gossiping system of isolated servers -- ---- Kristian Fisker

Re: [Sks-devel] Request: Install an efficient robots.txt file

begin with). -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 "If you choose to sail up

Re: [Sks-devel] No IPv6

ain on next run -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 "Better to keep your mouth

Re: [Sks-devel] Long-form keyids and ocaml 4.02.3

bugs.gentoo.org/show_bug.cgi?id=591326 [1] https://caml.inria.fr/mantis/view.php?id=6517 [2] https://bitbucket.org/skskeyserver/sks-keyserver/issues/42/unbundle-cryptokit-sks-incompatible-with -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Tw

Re: [Sks-devel] Long-form keyids and ocaml 4.02.3

n their own trustdb/wot calculation rather than relying on a third party that doen't provide a security assertion to begin with. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp

Re: [Sks-devel] wserver_timeout value causing cascading failure?

ps, so hostname is the shared cluster addresse whereby nodename can be used to identify specific nodes. -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://po

Re: [Sks-devel] wserver_timeout value causing cascading failure?

tances of SKS behind the reverse proxy to distribute the load (I run two instances myself - and that is for lesser load). Would just need separate key port and do local reconciliation only between them necessary , can make sure stats page (?op=stats) only reaches the primary so it exposes the externa

Re: [Sks-devel] sks-keyserves.net Down?

an instance of a one line patch can never go wrong... -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B

Re: [Sks-devel] ECC HTTPS certs for HKPS

[Sent from my iPad, as it is not a secured device there are no cryptographic keys on this device, meaning this message is sent without an OpenPGP signature. In general you should *not* rely on any information sent over such an unsecure channel, if you find any information controversial or

Re: [Sks-devel] ECC HTTPS certs for HKPS

ave identified interesting behavior from certain clients. As for gateway solutions , as far as I'm aware at least Symantec Encryption Server (former PGP Universal) only check LDAP (and not that either by default), but peripdic keyyring refreshes etc is natural behavior/usage anyways. -- --

Re: [Sks-devel] ECC HTTPS certs for HKPS

On 04/02/2017 06:00 PM, Pete Stephenson wrote: > On Sun, Apr 2, 2017 at 12:44 PM, Kristian Fiskerstrand > <kristian.fiskerstr...@sumptuouscapital.com> wrote: >> On 04/02/2017 07:07 AM, Phil Pennock wrote: >>> We need to know it won't break clients. So, setting up a key

Re: [Sks-devel] ECC HTTPS certs for HKPS

hat added complexity has any value at all. In most cases ECC is lower security margin for lower interoperability. I'm still not convinced we have anything to gain by doing any dual-stack approach that also includes an increased workload to manage the certs. -- Kristian Fis

Re: [Sks-devel] Hiding revoked keys in generated webpages

rs by hand without understanding the implications to begin with, making it more "user friendly" seems counter intuitive in that context. -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP ke

Re: [Sks-devel] Long keyids (64-bit) instead of short (32-bit)?

recall doing it at one point just to test a bit) - but it doesn't improve security in any form. -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.n

Re: [Sks-devel] nokeyserver annotation

nvalid notation might not be rejected by a client (is it critical marked?). Is there a reference for this behavior in RFC and tested on various implementations? -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Pu

Re: [Sks-devel] nokeyserver annotation

a package that hinders distribution of the keyblock , and then later on the user revokes the keyblock and believes it gets uploaded to keyserver with the modified packet but at that point it is rejected? -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter:

Re: [Sks-devel] sks-keyservers.net: DNS-Admins: action needed: Unexpected IP change

On 12/14/2016 11:08 AM, Christoph Egger wrote: > > Kristian Fiskerstrand <kristian.fiskerstr...@sumptuouscapital.com> writes: >> if you find any information un-expected send a response and request a signed >> confirmation] > >> Unexpected IP change &g

Re: [Sks-devel] Seeking peers for keys.drup.no

On 11/20/2016 07:01 PM, Audun Larsen wrote: > Hi, > > I am looking for peers for a new SKS keyserver installation. > > I am running SKS version 1.1.6, on keys.drup.no. > This is a private server physically located in Bergen, Norway. Added it to my server in Oslo, Norway # Kri

Re: [Sks-devel] Something broken?

ns for sks] see example [0,1]: [munin plugins for sks] https://git.sumptuouscapital.com/?p=munin-sks.git;a=summary [0] https://download.sumptuouscapital.com/sks/munin_sks/sks_daily_keys-week.png [1] https://download.sumptuouscapital.com/sks/munin_sks/sks_number_keys-week.png -- --

  1   2   3   4   5   >