lso be avalable fresh copy through wkd)
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35A
>
>
>
I'd guess it hitting a stack limit during merge of a large key.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5
d
for any actual issues anyways), but won't get around to actually
updating the crl until this evening or more likely tomorrow as that
requires special access.
--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
--
On 15.01.2020 02:28, Todd Fleisher wrote:
> Hopefully Kristian finds and fixes his issue in the morning.
thanks for the heads up everyone; should be back up on next update run
(cause: crl expired)
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.
On 13.12.2019 00:56, Skip Carter wrote:
> correction, the errors are stackoverflows not segfaults
>
ulimit -s unlimited before building.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public O
Regards
>
> Gabor
>
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
Corruptissima re public
Mail: ja...@insect.com <mailto:ja...@insect.com>
>Phone: (910) 689.0557
> (800) 284.7872
>Fax: (910) 689.0558
>
>
>
>> On Aug 22, 2019, at 12:14 PM, Kristian Fiskerstrand
> wrote:
>>
>> On 22.08.2019 18:08, Jason John Schwarz wrote:
>>> I
ly you specify it on a per user basis in
/etc/security/limits.conf . See also man ulimit for a one-off, e.g
ulimit -s unlimited before starting sks.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public O
Fwiw, that error sounds like too small stack size for the process - in an
alternative universe it would be interesting to hear your experience running
with a higher stack limit
On August 21, 2019 9:16:05 PM GMT+02:00, John Zaitseff
wrote:
>It is with feelings of sadness and regret that I will
See Membership fileSee reference membership file
On July 30, 2019 9:51:31 PM GMT+02:00, "Kiss Gabor (Bitman)"
wrote:
>Dear Kristian,
>
>I have a suggestion about status pages.
>Would you mind to provide information about what other hosts
>consider a given server as a peer?
>
>I mean it could be
My guess is you need to increase stack size
On July 28, 2019 5:37:58 PM GMT+02:00, Marcin Gondek wrote:
>Hello All,
>
>Can someone help me or instruct why every time I do initial key load
>i'm getting always getting segfault?
>I've tried with many dump and always is the same.
>MD5 are ok about
Yes, it is a scheduled power outage and should be back up soon, the pool itself
functions but wont update in the window.
On July 10, 2019 1:29:29 PM GMT+02:00, "Kiss Gabor (Bitman)"
wrote:
>Dear Kristian,
>
>I wonder if you know that https://sks-keyservers.net/ is unreachable?
>
>Regards
>
lemented in the
conflux libary and documentation.
https://hockeypuck.github.io/
https://gopkg.in/hockeypuck/conflux.v2
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://po
at much, but you need at least 8 GiB of RAM allocated for each
node and sufficient swap or recon will often get OOM-killed.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://po
ints I get from
users has dropped significantly). And its not really a strict
requirement, one can set up VMs / chroots for it on a relatively small
server.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
--
Have you run sks cleandb during setup phase? The setup scripts should include
it..
On June 4, 2019 3:38:38 AM GMT+02:00, Skip Carter wrote:
>my recon logs have messages like these:
>
>
> error in callback.: Failure("configuration of
>remote host () rejected: filters do
>not match.\n\tlocal
oradically due to merges.
Now, this is somewhat better for the general pool since
https://dev.gnupg.org/T4175 results in retry on failover for 5xx codes,
but has caused a lot of problem reports in the past and not all distros
ship this in stable versions.
--
----
Kri
locked by firewall or something?
curl "http://[2001:738:0:600:216:3eff:fe02:42]:11371/pks/lookup?op=stats;
.. times out from the system ipv6 tests are done on
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
in case he filters sks-devel mail.
>
Well, its a simple enough issue. the CRL expired, so no host validated
anymore.. Services should be returning to normal soon enough. Thanks for
the ping.
--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twi
On 3/8/19 3:19 PM, Andrew Gallagher wrote:
> On 08/03/2019 14:15, Kristian Fiskerstrand wrote:
>> The ICO has concluded in this case and no further action will be taken
>> from them.
>
> Was there any legal reasoning attached to this decision?
It was a relatively good
add_header Via "1.1 keys2.kfwebs.net";
proxy_ignore_client_abort on;
}
}
--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034
send and receive when dealing with
> casework. Not only are we obliged to deal with these in accordance with
> the access provisions of the data protection framework and the Freedom
> of Information Act 2000, it is in the public interest that we are open
> and tra
tation. The
current disagreement are really with regards to whether this should be
"validating keyservers" or not, and how such servers could interact with
non-validating ones.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
T
for 10 minutes in nginx, which really makes life more pleasant.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B6
On 11/16/18 2:08 AM, Matthew Walster wrote:
> Good lord, Kristian, you have to deal with these people on a regular basis?
Yes
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keybl
(as long as users understand their position).
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
On 7/3/18 11:01 PM, Phil Pennock wrote:
> On 2018-07-03 at 12:51 +0200, Kristian Fiskerstrand wrote:
>> However, going forwards I'm going to request additional information
>> about the server hardware (already requesting info on line capacity for
>> SRV pool purposes)
the usual advantages if there are other outages, e.g
during system upgrade, but for the purposes we're talking it just needs
to be multiple instances.
--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Publi
-expected send a
response and request a signed confirmation]
> On 26 Aug 2018, at 18:44, Alain Wolf wrote:
>
> Hi
>
> Am 24.08.2018 um 14:36 wrote Kristian Fiskerstrand:
>> On 08/24/2018 11:36 AM, Gabor Kiss wrote:
>>> A question:
>>> Does an SKS cluster ne
On 08/24/2018 06:58 PM, Kristian Fiskerstrand wrote:
> On 08/24/2018 06:56 PM, Kiss Gabor (Bitman) wrote:
>> Dear Kristian,
>>
>> Page https://sks-keyservers.net/status/ contains no key servers.
>
> Yup, I'm on it
>
Not entirely sure what went wro
o hkps pool,
in particular since noticing an interesting feature if only one server
is included, which disables pool behavior in dirmngr and results in TLS
error / generic error due to CA pem not being loaded...
--
----
Kristian Fiskerstrand
Blog:
On 07/03/2018 12:51 PM, Kristian Fiskerstrand wrote:
> Although the requirements to get included in the HKPS pool have so far
> been a bit subjective and changing over time as I've gotten more
> experience (and balancing out the requirements for the pool - it is not
> the point for m
gossipping), and servers
that do caching on the reverse proxy. Additionally low-CPU/low-memory
setups will not be permitted into the HKPS pool.
--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP
On 06/19/2018 11:17 PM, Kristian Fiskerstrand wrote:
> On 06/19/2018 11:09 PM, Kristian Fiskerstrand wrote:
>> On 06/19/2018 10:53 PM, Matthew Walster wrote:
>>> The keyserver status page seems broken also:
>>> https://sks-keyservers.net/status/
>>
>> T
On 06/19/2018 11:09 PM, Kristian Fiskerstrand wrote:
> On 06/19/2018 10:53 PM, Matthew Walster wrote:
>> The keyserver status page seems broken also:
>> https://sks-keyservers.net/status/
>
> This was an intermittent failure, should be back up now.. Needed to
> shi
On 06/19/2018 10:53 PM, Matthew Walster wrote:
> The keyserver status page seems broken also:
> https://sks-keyservers.net/status/
This was an intermittent failure, should be back up now.. Needed to
shift around some primaries to bootstrap the crawler.
--
----
Kr
an:
> https://netzpolitik.org/2018/bussgelder-bei-datenschutzverstoessen-angst-vor-einem-phantom/
>
>
> Disclaimer: IANAL. This is not legal advice.
>
>
>
> ___
> Gnupg-devel mailing list
> gnupg-de...@gnupg.org
> http://li
On 05/20/2018 10:14 PM, Kristian Fiskerstrand wrote:
> On 05/20/2018 01:31 AM, Webmaster IspFontela wrote:
>>
>> Now we just need to find out why the server a.0.keysnode.ispfontela.es
>> on the list https://sks-keyservers.net/status/ has disappeared, I guess
>> th
ig. But it is so long ago I don't recall if we
checked if it was used everywhere.
--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
the whole GDPR is a
mess to begin with.
--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60
ginal report reads too
much like a rant and has insufficient info to comment much.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 51
ired.com/2012/05/torvalds-github/ and comments starting
with at least
https://github.com/torvalds/linux/pull/17#issuecomment-5654674
--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public
[Sent from my iPad, as it is not a secured device there are no cryptographic
keys on this device, meaning this message is sent without an OpenPGP signature.
In general you should *not* rely on any information sent over such an unsecure
channel, if you find any information controversial or
e need to specify a
specific filter for a specific version and move from there, which can be
relatively easy given sufficient time.
>
> --dkg
>
> [0] see for example
> https://bitbucket.org/skskeyserver/sks-keyserver/pull-request/20/trim-local-certifications-from-any-handled
>
he deluge of meltdown/spectre/memcached) so I don’t see the need/reason
> to disable TLS1.2
I was referring to server operators here, not clients, if that wasn't
clear :)
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
---
one were to actually disable everything but 1.3, that'd be
exclusion worthy from the pool, but lets do this manually if so.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at
On 02/15/2018 09:46 AM, Kristian Fiskerstrand wrote:
> On 02/15/2018 05:51 AM, Eric Germann wrote:
>> Good evening all,
>>
>> Are there any docs anywhere regarding the HTTP request that can be made on
>> port 11371?
>>
>> Specifically, wondering if /p
for server stats, etc.
>
> Thanks for any pointers.
>
> EKG
Look at json format for =mr on a hockeypuck server
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool
uscapital.com/?p=munin-sks.git;a=summary
Keep in mind stats by default are updated once a day and by convention hourly
through system signals
--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP
DB files using db*_archive?
--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60
address, please let me know back privately.
>
>Thanks
>
>EKG
I've gotten the emails :) still doing due dilligence for csr decision of
whether to sign or not, server is a bit nee and I prefer strongly connected
(wot strongset) operators
--
Kristian Fisker
didn't know the first thing about security hardcoded
> that certificate into the software.
To make sure this isn't un-challenged in the archives, the secret key
never touches an online system, all operations are done on airgapped setup.
--
----
Kristian
On 01/14/2018 08:46 PM, Kristian Fiskerstrand wrote:
> From a privacy perspective, then yes, using HKPS transport is better,
> but it doesn't improve anything if malicious servers are included in
> some way that records information anyways, so having all servers
> included red
ub-pools are doing anything re HKPS,
that is a single global pool.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 3
scussion, nobody is required
to use a single pool of keyservers.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5
ards
>>
>> Alain
>>
>>
>>
>> ___
>> Sks-devel mailing list
>> Sks-devel@nongnu.org
>> https://lists.nongnu.org/mailman/listinfo/sks-devel
A misissued cert could still be used if attacker is persistent enough. Either
through dns poision or
On 12/18/2017 10:00 PM, Webmaster IspFontela wrote:
>
> The only change I've made has been to add 2 new peers
>
> What has happened?
Seems the stats page is a non-standard one so it just fails scraping the
data.
--
----
Kristian Fiskerstrand
> this infrastructure.
That is actually a few years old, using the regular [trollwot]
>
> http://keys.niif.hu/pks/lookup?op=vindex=0x0B7F8B60E3EDFAE3
> (scroll down)
>
References:
[trollwot]
https://raw.githubusercontent.com/micahflee/trollwot/master/trollwot.pdf
--
--
things are restored, but to try to debug this more generally,
can you confirm you used fastbuild rather than a full build originally?
In that case the offsets referenced can have been changed during this
process, and the behavior being within the expected behavior.
--
--
existing data stores. Some changes to config
requires recreating the BDB environment, which can be done using the
UPGRADING procedures, but you'd mostly need to do that if experiencing
issues / it not taking.
--
Kristian Fiskerstrand
Blog: https://blog.sumptuousca
On 12/08/2017 08:34 PM, Fabian A. Santiago wrote:
> is there any reason to enable mailsync functionality? does anyone out there
> still use it?
tl,dr; No
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @k
e info on
manual procedure in UPGRADING file, specifically look for db5.3_archive
or similar for your distribution (there are some differences in naming
conventions etc for multiple versions)
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @k
hopefully that
sorts it.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
Nil desp
On 10/04/2017 02:52 PM, Frank de Bot wrote:
> Wouldn't this cause to also route a search with 'stats' only to the
> primary server? ;-)
$arg_op in this case actually means "?op" as key, its not an arbitrary
key in the querystring :)
--
----
Kristian F
re defined as upstream
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
p/Screenshot_2017-10-04-08-52-45.png
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
"We all die.
crease in requirement in main pool will
automatically affect the subpools.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35A
n all the
> pools.
already done
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
-
/2017-September/033063.html
--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
y default
11371) to your peers at least to allow exchange of some public keyblocks.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109
social graph leak.
... noting of which is a result of the choie of VCS impacting this to a
great extent. If anything we'd need to rewrite the full codebase in C
for such an argument to be made.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
curial queues etc.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3E
On 08/08/2017 03:27 PM, Kristian Fiskerstrand wrote:
> that is added
> as a single commit upon qmerge
To avoid any ambiguity, this should be qfinish... qmerge is similar step
in the Gentoo Portage process...
--
----
Kristian Fiskerstrand
Blog:
On 08/08/2017 03:27 PM, Kristian Fiskerstrand wrote:
> There are likely a few different questions resulting from this (my own
> opinions in separate email).
And here they come
> (i) Should we use git for revision control instead of mercurial?
I'm personally more involved in projects
validates (i) and (ii) as the workflow is
simplified (hg export), so in terms of the processes of commits and we'd
avoid any move (wiki and issue tracker stays the same).
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitt
On 07/15/2017 01:34 PM, Kristian Fiskerstrand wrote:
> On 07/15/2017 11:39 AM, Moritz Wirth wrote:
>> Good morning everybody,
>>
>> is it possible to loadbalance SKS/Nginx using multiple A records for the
>> hostname?
>
> The keyserver pools operate as
could result in exclusion from the pool.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B
beddcd
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
"Money is better than pover
On 06/26/2017 06:16 PM, Andrew Gallagher wrote:
> OCaml appears to make (dis?)optimisations that trigger a rare Intel
> hyperthreading bug with increased probability.
The way I'm reading it is; When ocaml breaks it is due to a processor
misbehaving :)
--
----
Kr
for heads up, given that robots.txt wasn't previously tracked
but created directly on server there ended up a conflict on update for
the file...
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Publi
ust the
same; and the full data set is available and part of regular workflow
for bootstrapping own servers.
References:
[added it now]
https://git.sumptuouscapital.com/?p=sks-keyservers-pool.git;a=commit;h=b98e7522990961541165dfc23781a45a1a5e05a9
--
----
Kristian Fiskerstrand
On 06/20/2017 05:56 PM, Ari Trachtenberg wrote:
> Not quite ... each server can decide which keys it want s to accept.
> Bad actors will eventually fall out of favor with the others.
Now we presume a non-gossiping system of isolated servers
--
----
Kristian Fisker
begin with).
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
"If you choose to sail up
ain on next run
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
"Better to keep your mouth
bugs.gentoo.org/show_bug.cgi?id=591326
[1]
https://caml.inria.fr/mantis/view.php?id=6517
[2]
https://bitbucket.org/skskeyserver/sks-keyserver/issues/42/unbundle-cryptokit-sks-incompatible-with
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Tw
n their own trustdb/wot calculation rather than
relying on a third party that doen't provide a security assertion to
begin with.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp
ps, so hostname is the shared cluster
addresse whereby nodename can be used to identify specific nodes.
--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://po
tances of SKS behind the
reverse proxy to distribute the load (I run two instances myself - and
that is for lesser load). Would just need separate key port and do local
reconciliation only between them necessary , can make sure stats page
(?op=stats) only reaches the primary so it exposes the externa
an instance of a one line patch can never go wrong...
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B
[Sent from my iPad, as it is not a secured device there are no cryptographic
keys on this device, meaning this message is sent without an OpenPGP signature.
In general you should *not* rely on any information sent over such an unsecure
channel, if you find any information controversial or
ave identified interesting behavior from certain clients.
As for gateway solutions , as far as I'm aware at least Symantec Encryption
Server (former PGP Universal) only check LDAP (and not that either by default),
but peripdic keyyring refreshes etc is natural behavior/usage anyways.
--
--
On 04/02/2017 06:00 PM, Pete Stephenson wrote:
> On Sun, Apr 2, 2017 at 12:44 PM, Kristian Fiskerstrand
> <kristian.fiskerstr...@sumptuouscapital.com> wrote:
>> On 04/02/2017 07:07 AM, Phil Pennock wrote:
>>> We need to know it won't break clients. So, setting up a key
hat added complexity has any value at all. In most cases ECC
is lower security margin for lower interoperability. I'm still not
convinced we have anything to gain by doing any dual-stack approach that
also includes an increased workload to manage the certs.
--
Kristian Fis
rs by hand without
understanding the implications to begin with, making it more "user
friendly" seems counter intuitive in that context.
--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP ke
recall doing it at one point just to test a bit) - but it
doesn't improve security in any form.
--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.n
nvalid notation might not be rejected by a client (is it critical
marked?). Is there a reference for this behavior in RFC and tested on
various implementations?
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Pu
a
package that hinders distribution of the keyblock , and then later on
the user revokes the keyblock and believes it gets uploaded to keyserver
with the modified packet but at that point it is rejected?
--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter:
On 12/14/2016 11:08 AM, Christoph Egger wrote:
>
> Kristian Fiskerstrand <kristian.fiskerstr...@sumptuouscapital.com> writes:
>> if you find any information un-expected send a response and request a signed
>> confirmation]
>
>> Unexpected IP change
&g
On 11/20/2016 07:01 PM, Audun Larsen wrote:
> Hi,
>
> I am looking for peers for a new SKS keyserver installation.
>
> I am running SKS version 1.1.6, on keys.drup.no.
> This is a private server physically located in Bergen, Norway.
Added it to my server in Oslo, Norway
# Kri
ns for sks]
see example [0,1]:
[munin plugins for sks]
https://git.sumptuouscapital.com/?p=munin-sks.git;a=summary
[0]
https://download.sumptuouscapital.com/sks/munin_sks/sks_daily_keys-week.png
[1]
https://download.sumptuouscapital.com/sks/munin_sks/sks_number_keys-week.png
--
--
1 - 100 of 486 matches
Mail list logo