t peer with my server in this email) please de-peer with my
server.
That said, I will remain subscribed to the list and will be happy to
contribute in any way I can, including being willing to operate a public
server again once things can be made more robust.
Cheers!
-Pete
--
Pete Stephenson
s
caching proxy on their end to minimize the load to the
pool and are looking at running their own server going forward.
Excellent. Thanks for the suggestion.
Cheers!
-Pete
--
Pete Stephenson
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel
On 6/17/2018 12:59 AM, Paul M Furley wrote:
> Hi Pete,
>
> On 17/06/18 04:53, Pete Stephenson wrote:
>> Thanks.
>>
>> I then have three more questions:
>>
>> 1. If this issue is affecting my server to the point of it being booted
>> from the pool (si
://bitbucket.org/skskeyserver/sks-keyserver/issues/57/anyone-can-make-any-pgp-key-unimportable
>
> Best regards,
>
> Moritz
>
> Am 17.06.18 um 02:18 schrieb Pete Stephenson:
>> Hi all,
>>
>> My server, ams.sks.heypete.com, has been suffering from periods where
On 6/16/2018 5:18 PM, Pete Stephenson wrote:
> Hi all,
>
> My server, ams.sks.heypete.com, has been suffering from periods where
> the amount of CPU used by the sks process goes to 100% for a few minutes
> at a time. During this time, my Apache reverse proxy produces errors of
what would reasonable values be for X and Y?
Thank you.
Cheers!
-Pete
--
Pete Stephenson
were not successful,
so I ended up rebuilding the database from a fresh key dump and
everything is back in sync and online.
My apologies for any disruption this may have caused.
Cheers!
-Pete
--
Pete Stephenson
On Thu, Jul 20, 2017, at 07:18 PM, Valentin Sundermann wrote:
> I see these requests too, but from a different IP. I noticed them 1-2
> months ago but wasn't able to find the origin of these requests (they
> got sorted into a general logfile because of the "missing" Host field).
Interesting. That
On Thu, Jul 20, 2017, at 06:33 PM, Paul M Furley wrote:
> On 20/07/17 15:54, Pete Stephenson wrote:
> > Hi all,
> >
> > I've been receiving some queries that, while not stressing my server,
> > appear to be abusive in nature...though perhaps accidentally so.
e 15th of July.
I haven't observed any other odd traffic, so it seems unlikely that a
botnet is involved. Maybe a script that has gone awry?
Although slightly annoying, it doesn't consume much resources. Any
suggestions on how to deal with this client? For example, should I
continue to ser
On Mon, Apr 3, 2017 at 8:45 AM, Kristian Fiskerstrand
wrote:
> On April 2, 2017 9:10:10 PM GMT+02:00, Pete Stephenson
> wrote:
>
>>
>>True, but RSA-4096 is *slow*. 3072 is a bit less so (but there's no
>>openssl speed option for testing it).
>>
>>My
On Sun, Apr 2, 2017 at 6:07 PM, Kristian Fiskerstrand
wrote:
> On 04/02/2017 06:00 PM, Pete Stephenson wrote:
>> Out of curiosity, how would it be less interoperable? The whole point
>> of having the server choose is so that clients that support ECC would
>> get E
ity margin"? 2048-bit RSA keys
are equivalent to an ~80 bit symmetric cipher. A 256-bit ECC key is
equivalent to a 128-bit symmetric cipher. Sure, RSA keys, due to their
greater length, will succumb to quantum computers later than the
shorter ECC key
ut in production for a bit to
see how clients handle it, particularly if it'd be possible to log
error states or abandoned connections before and after offering both
types of certs.
Cheers!
-Pete
--
Pete Stephenson
Hi,
I've added you. Here's my line for your membership file:
ams.sks.heypete.com 11370 # Pete Stephenson
0x1C600C6CCEA44628D2439A139A5CC3A485EB9F44
Cheers!
-Pete
On Wed, Dec 14, 2016 at 3:33 AM, t1k3 wrote:
> Hello all,
>
> I have setup a new keyserver running Ubuntu 14.0
er...but I'm willing to learn.
I'm using a bog-standard Debian Jessie installation and it appears to
be using rsyslog. I'm not familiar with how rsyslog and systemd
interact in regards to logging, but if you have any advice to point me
in the right direction I'd be very much obliged.
> Hope this helps,
It does, indeed. Thank you for the response.
Cheers!
-Pete
--
Pete Stephenson
doutlog" from the
ExecStart line, ran "systemctl daemon-reload" to reload the config
files, and ran "systemctl sks restart" and "systemctl sks-recon
restart" and all worked perfectly. The logs are being correctly
written.
Thank you very much for pointing
/sks/
Any ideas what might be going on? I'd be happy to provide logs or
other details upon request.
--
Pete Stephenson
nd use
> them in my own installation?
Hi Hillebrand,
This is the config file I'm using for ams.sks.heypete.com's HKPS
setup. It's been running for a few years without any problems.
https://gist.github.com/heypete/820641761a88597603edff59cae
roxyPassReverse / http://127.0.0.1:11371/
ProxyVia On
SetEnv proxy-nokeepalive 1
#
Cheers!
-Pete
--
Pete Stephenson
On Aug 17, 2016 10:38, "Pascal Levasseur"
wrote:
>
> Hello,
>
> The stats of my sks server (1.1.5) shows a great increase in new keys
> and updated keys on August, 2016, 13 and 16 :
>
> Time New Keys Updated Keys
>
> 2016-08-16 27470 24231
> 2016-08-15 908
On Aug 7, 2016 16:40, "Kristian Fiskerstrand" <
kristian.fiskerstr...@sumptuouscapital.com> wrote:
>
> Hello lists,
>
> We are pleased to announce the availability of a new stable SKS
> release: Version 1.1.6.
Very cool. I'll upgrade shortly.
Out of curiosity, is there any Debian-type repository
On Wed, Apr 27, 2016 at 9:46 AM, Kristian Fiskerstrand
wrote:
> On 04/27/2016 09:42 AM, Pete Stephenson wrote:
>> On Wed, Apr 27, 2016 at 9:32 AM, Kristian Fiskerstrand
>> wrote:
>>> On 04/27/2016 06:45 AM, Gabor Kiss wrote:
>>>> Does IPv6 address also change
ve had those before, but it is explicitly restricted in the pool
Restricted in what way?
Do you mean that IPv6-only servers are specifically limited to the
ipv6 pool, or that they're flatly prohibited from membership in any
pool?
Cheers!
-Pete
--
Pete Stephenson
sync events when the IP address changes, but
it'd be ideal if peers could adapt to updated IP addresses quickly.
Cheers!
-Pete
--
Pete Stephenson
On Dec 18, 2015 3:05 PM, "Alfie John" wrote:
>
> Hi,
>
> Not sure if this is the right place. I'm looking for a mirror of the MIT Key
> Server. Bugs-mit@ told me someone here may know where I could get it.
Hi Alfie,
The MIT server is part of the SKS pool, which is a group of keyservers that are
et it up as an NFS share and mounted that
share on the main server. I downloaded the keydump to the NFS server,
then imported the keydump into the main server. When done, I deleted
the NFS server. Worked pretty well for me.
--
Pete Stephenson
On Sat, Sep 19, 2015 at 9:32 AM, Pete Stephenson wrote:
> Hi all,
>
> My server ams.sks.heypete.com is available over both insecure (HKP) and
> secure (HKPS) protocols. Up until this issue, it had been part of the
> HKPS pool for a year.
>
> Recently I've stopped seei
Hi all,
My server ams.sks.heypete.com is available over both insecure (HKP) and
secure (HKPS) protocols. Up until this issue, it had been part of the
HKPS pool for a year.
Recently I've stopped seeing any of the regular test connections for
secure connections from the monitoring system that manag
ng up in the SKS Keyserver Status page. If the
server was peered with another public server, it'd appear there.
That said, I'd be happy to peer with Telehost if they send me the
relevant information for my membership file. My information is:
ams.sks.heypete.com 11370 # Pete Stephen
have any two-way peering arrangements with other servers?
That is, you cannot simply add another server to your membership file
and have things work -- the administrator of the other server must
also add your server to establish a two-way peering arrangement.
--
Pete Stephenson
return so I can do the same:
>
> keysrv.technl.net 11370 # E. van Harten 0x9E27CC40
>
> With kind regards,
>
> Evert van Harten
Hi Evert,
I've added you. My server information is as follows:
ams.sks.heypete.com 11370 # Pete Stephenson 0x85EB9F44
Cheers!
-Pete
--
Pete Stephenson
adds a "Via:" HTTP header so the
SKS pool crawler will recognize the proxy exists and will add it to
the pool. Without the Via header it won't be part of the pool.
Cheers!
-Pete
--
Pete Stephenson
files from
the source (and each other) but only changes made by the source would
propagate; people with read-only keys can't push out changes to
others.
--
Pete Stephenson
keyserver,
> please drop me short mail. Thanks!
> The keyserver is available under both: HTTP and HTTPS under the following
> link: https://keyserver.pkern.at/pks/lookup?op=stats
I've added your server as a peer. To do the reverse, add the following
line to your SKS membership fi
Hi all,
There appears to be something wrong with the IPv6 pool crawler:
https://sks-keyservers.net/status/ reports that no servers support IPv6
(although many do). The DNS zone ipv6.pool.sks-keyservers.net is
returning NXDOMAIN.
Kristian, can you kick the crawler to get it working again?
Cheers!
On 9/11/2014 4:10 PM, Pete Stephenson wrote:
[snip
> Later today I will be migrating ams.sks.heypete.com to this new
> facility. This will entail a period of downtime. When it comes back
> online, the system will have new IPv4 and IPv6 addresses.
>
> After things are setup, tested,
On 9/11/2014 4:10 PM, Pete Stephenson wrote:
> Hi all,
>
> My VPS hosting company recently brought a new facility in Amsterdam
> online. The new facility has an upgraded backend which allows live
> snapshotting, native IPv6, and a bunch of other useful features.
>
>
Hi all,
My VPS hosting company recently brought a new facility in Amsterdam
online. The new facility has an upgraded backend which allows live
snapshotting, native IPv6, and a bunch of other useful features.
Later today I will be migrating ams.sks.heypete.com to this new
facility. This will entai
On 9/5/2014 8:22 AM, Kim Minh Kaplan wrote:
> Pete Stephenson wrote:
>
>>> I was perusing my recon.log and db.log files today and noticed odd gaps
>>> in gossip activity that last for an hour and result in error messages.
>>> Logs for the last few days indicate
On 9/1/2014 5:41 PM, Pete Stephenson wrote:
> Hi all,
>
> I was perusing my recon.log and db.log files today and noticed odd gaps
> in gossip activity that last for an hour and result in error messages.
> Logs for the last few days indicate this happens 10-15 times per day.
Hi all,
I was perusing my recon.log and db.log files today and noticed odd gaps
in gossip activity that last for an hour and result in error messages.
Logs for the last few days indicate this happens 10-15 times per day.
Normally, my server (ams.sks.heypete.com, running SKS 1.1.5) gossips
regular
On 9/1/2014 11:39 AM, echelon wrote:
> On 01.09.2014 10:30, Pete Stephenson wrote:
>
>> Hi,
>
>> Your server is listening on ports 11371 in addition to 80. Is this
>> what you intended?
>
>> Also, the suggested membership line is incorrect: you specified
>
ming you intend to listen to port 11370 for recon traffic, the
correct line would be:
keys.i2p-projekt.de 11370 # echelon 0x4A9B1723
That said, I've added your server as a peer (assuming you intend to
listen for recon on 11370). You can add mine to your membership file as:
ams.sks.heyp
iptables rule:
"-A INPUT -p ipv6 -s $TUNNEL_SERVER_IPv4_ADDRESS -j ACCEPT".
[2] See http://en.wikipedia.org/wiki/6in4
--
Pete Stephenson
On 8/14/2014 4:06 PM, Kristian Fiskerstrand wrote:
> On 08/14/2014 04:04 PM, Pete Stephenson wrote:
>> My (albeit limited) understanding is that SKS is an append-only
>> system, and that it is not possible to remove key packets that are
>> already on the servers.
>
On 8/14/2014 2:23 PM, Kristian Fiskerstrand wrote:
> On 08/14/2014 02:12 PM, Christoph Egger wrote:
>> "Kiss Gabor (Bitman)" writes:
- mitm attacks may manipulate up-/downloaded keys
>>>
>>> no
>>>
>>> Every uploaded key can be manipulated legally by anyone. (I.e.
>>> you attach a new signat
>>
>
> pgp.root.gg 11371
I think you mean 11370, right?
I've added your server as a peer.
If you wish to add my server as a peer, please add the following line to
your membership file:
ams.sks.heypete.com 11370 # Pete Stephenson
0x1C600
On 8/3/2014 10:55 PM, David Benfell wrote:
> On Sun, Aug 03, 2014 at 09:29:49PM +0200, Pete Stephenson wrote:
>> Hi all,
>>
>> For those running HKPS-enabled servers in the pool, what protocols and
>> ciphersuites do you use?
>>
>> I'd hope that it'
Hi all,
For those running HKPS-enabled servers in the pool, what protocols and
ciphersuites do you use?
I'd hope that it'd be safe these days to disable SSLv2. How about SSLv3?
RC4?
I'd like to provide a reasonable fallback to older clients that don't
support modern ciphers, but without jeopardi
On 8/3/2014 3:03 PM, Tyler Schwend wrote:
> Building the sks database from a dump takes a very long time, a lot
> of disk space, and a lot of CPU. Is there a way to just move the
> whole BDB from one host to another? I am switching hosts.
I'm not sure if it's recommended, but I've done that succes
Hi all,
I was reviewing the mailing list archives recently and had a few questions:
1. From what I've read, generating DB stats block the DB and SKS does
not respond to search/submit queries while the generation is ongoing.
What happens to queries during the blocking period? Are they rejected or
On 8/1/2014 12:27 PM, Kristian Fiskerstrand wrote:
> On 08/01/2014 12:08 PM, Pete Stephenson wrote:
>> Dear all,
>
>
> ...
>
>
>> Is there a way to have the public and private systems stay in sync,
>> but privately?
>
> One option is using a local
Dear all,
I have two questions regarding running a keyserver:
1. Is it possible to run an SKS keyserver that stays in sync with the
pool, without actually being a member of the pool and responding to
public queries?
That is, I (as of yesterday) operate a public keyserver that is part of
the pool
stening on ports 11371 and 80 and is behind a reverse
proxy on both ports.
I loaded a dump from http://keyserver.secretresearchfacility.com/dump/
dated today. My server currently has 3680247 keys loaded.
For operational issues, please contact me directly.
ams.sks.heypete.com 11370 # Pete
of Ulm, Germany
>
> Office: 027 - 3402
> Phone: +49 731 50-24138
> Web: http://www.uni-ulm.de/in/vs/~kopp
>
>
--
Pete Stephenson