t
should also be avalable fresh copy through wkd)
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 510
;
>
>
I'd guess it hitting a stack limit during merge of a large key.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5
d
for any actual issues anyways), but won't get around to actually
updating the crl until this evening or more likely tomorrow as that
requires special access.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
-
On 15.01.2020 02:28, Todd Fleisher wrote:
> Hopefully Kristian finds and fixes his issue in the morning.
thanks for the heads up everyone; should be back up on next update run
(cause: crl expired)
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.
On 13.12.2019 00:56, Skip Carter wrote:
> correction, the errors are stackoverflows not segfaults
>
ulimit -s unlimited before building.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public O
> Regards
>
> Gabor
>
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
Corruptissima re publi
>
>eMail: ja...@insect.com <mailto:ja...@insect.com>
>Phone: (910) 689.0557
> (800) 284.7872
>Fax: (910) 689.0558
>
>
>
>> On Aug 22, 2019, at 12:14 PM, Kristian Fiskerstrand
> wrote:
>>
>> On 22.08.2019 18:08, Jason John Schwarz wrote:
>&
ionally you specify it on a per user basis in
/etc/security/limits.conf . See also man ulimit for a one-off, e.g
ulimit -s unlimited before starting sks.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Pub
Fwiw, that error sounds like too small stack size for the process - in an
alternative universe it would be interesting to hear your experience running
with a higher stack limit
On August 21, 2019 9:16:05 PM GMT+02:00, John Zaitseff
wrote:
>It is with feelings of sadness and regret that I will
See Membership fileSee reference membership file
On July 30, 2019 9:51:31 PM GMT+02:00, "Kiss Gabor (Bitman)"
wrote:
>Dear Kristian,
>
>I have a suggestion about status pages.
>Would you mind to provide information about what other hosts
>consider a given server as a peer?
>
>I mean it could be
My guess is you need to increase stack size
On July 28, 2019 5:37:58 PM GMT+02:00, Marcin Gondek wrote:
>Hello All,
>
>Can someone help me or instruct why every time I do initial key load
>i'm getting always getting segfault?
>I've tried with many dump and always is the same.
>MD5 are ok about p
Yes, it is a scheduled power outage and should be back up soon, the pool itself
functions but wont update in the window.
On July 10, 2019 1:29:29 PM GMT+02:00, "Kiss Gabor (Bitman)"
wrote:
>Dear Kristian,
>
>I wonder if you know that https://sks-keyservers.net/ is unreachable?
>
>Regards
>
>Gab
KS recon is implemented in the
conflux libary and documentation.
https://hockeypuck.github.io/
https://gopkg.in/hockeypuck/conflux.v2
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keybl
g.
Not that much, but you need at least 8 GiB of RAM allocated for each
node and sufficient swap or recon will often get OOM-killed.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock a
of complaints I get from
users has dropped significantly). And its not really a strict
requirement, one can set up VMs / chroots for it on a relatively small
server.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Have you run sks cleandb during setup phase? The setup scripts should include
it..
On June 4, 2019 3:38:38 AM GMT+02:00, Skip Carter wrote:
>my recon logs have messages like these:
>
>
> error in callback.: Failure("configuration of
>remote host () rejected: filters do
>not match.\n\tlocal filt
poradically due to merges.
Now, this is somewhat better for the general pool since
https://dev.gnupg.org/T4175 results in retry on failover for 5xx codes,
but has caused a lot of problem reports in the past and not all distros
ship this in stable versions.
--
--
blocked by firewall or something?
curl "http://[2001:738:0:600:216:3eff:fe02:42]:11371/pks/lookup?op=stats";
.. times out from the system ipv6 tests are done on
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
--
in case he filters sks-devel mail.
>
Well, its a simple enough issue. the CRL expired, so no host validated
anymore.. Services should be returning to normal soon enough. Thanks for
the ping.
--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twi
On 3/8/19 3:19 PM, Andrew Gallagher wrote:
> On 08/03/2019 14:15, Kristian Fiskerstrand wrote:
>> The ICO has concluded in this case and no further action will be taken
>> from them.
>
> Was there any legal reasoning attached to this decision?
It was a relatively good
On 2/19/19 6:13 PM, Kristian Fiskerstrand wrote:
> Hi,
>
> In order to get a fruitful dialogue on these matters, some
> clarifications regarding the role of the sks-keyservers.net pool of
> keyservers seems necessary.
>
The ICO has concluded in this case and no further action
s_header Server;
add_header Via "1.1 keys2.kfwebs.net";
proxy_ignore_client_abort on;
}
}
--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.ne
s we send and receive when dealing with
> casework. Not only are we obliged to deal with these in accordance with
> the access provisions of the data protection framework and the Freedom
> of Information Act 2000, it is in the public interest that we are open
> an
d implementation. The
current disagreement are really with regards to whether this should be
"validating keyservers" or not, and how such servers could interact with
non-validating ones.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuo
for 10 minutes in nginx, which really makes life more pleasant.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B6
On 11/16/18 2:08 AM, Matthew Walster wrote:
> Good lord, Kristian, you have to deal with these people on a regular basis?
Yes
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock
eing a part of
the ecosystem (as long as users understand their position).
--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 561
r-network-and-its-maintainers-dont-fd829297d75e
>>
This is the email correspondence involved;
https://download.sumptuouscapital.com/tmp/re_new-article.eml.txt
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
---
On 7/3/18 11:01 PM, Phil Pennock wrote:
> On 2018-07-03 at 12:51 +0200, Kristian Fiskerstrand wrote:
>> However, going forwards I'm going to request additional information
>> about the server hardware (already requesting info on line capacity for
>> SRV pool purposes)
d be the usual advantages if there are other outages, e.g
during system upgrade, but for the purposes we're talking it just needs
to be multiple instances.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
-expected send a
response and request a signed confirmation]
> On 26 Aug 2018, at 18:44, Alain Wolf wrote:
>
> Hi
>
> Am 24.08.2018 um 14:36 wrote Kristian Fiskerstrand:
>> On 08/24/2018 11:36 AM, Gabor Kiss wrote:
>>> A question:
>>> Does an SKS cluster ne
On 08/24/2018 06:58 PM, Kristian Fiskerstrand wrote:
> On 08/24/2018 06:56 PM, Kiss Gabor (Bitman) wrote:
>> Dear Kristian,
>>
>> Page https://sks-keyservers.net/status/ contains no key servers.
>
> Yup, I'm on it
>
Not entirely sure what went wrong
On 08/24/2018 06:56 PM, Kiss Gabor (Bitman) wrote:
> Dear Kristian,
>
> Page https://sks-keyservers.net/status/ contains no key servers.
Yup, I'm on it
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twi
ustered setups are more important for the ecosystem than
even more individual servers.
> EKG
>
>
>> On Aug 23, 2018, at 9:49 AM, Kristian Fiskerstrand
>> wrote:
>>
>> On 08/20/2018 03:26 PM, Eric Germann wrote:
>>> I’ve reworked the keyserver fleet we’d pre
for each node.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
"My father used to say
e into hkps pool,
in particular since noticing an interesting feature if only one server
is included, which disables pool behavior in dirmngr and results in TLS
error / generic error due to CA pem not being loaded...
--
----
Kristian Fiskerstrand
On 07/03/2018 12:51 PM, Kristian Fiskerstrand wrote:
> Although the requirements to get included in the HKPS pool have so far
> been a bit subjective and changing over time as I've gotten more
> experience (and balancing out the requirements for the pool - it is not
> the point
setup to allow gossipping), and servers
that do caching on the reverse proxy. Additionally low-CPU/low-memory
setups will not be permitted into the HKPS pool.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
On 06/19/2018 11:17 PM, Kristian Fiskerstrand wrote:
> On 06/19/2018 11:09 PM, Kristian Fiskerstrand wrote:
>> On 06/19/2018 10:53 PM, Matthew Walster wrote:
>>> The keyserver status page seems broken also:
>>> https://sks-keyservers.net/status/
>>
>> This
On 06/19/2018 11:09 PM, Kristian Fiskerstrand wrote:
> On 06/19/2018 10:53 PM, Matthew Walster wrote:
>> The keyserver status page seems broken also:
>> https://sks-keyservers.net/status/
>
> This was an intermittent failure, should be back up now.. Needed to
> shift
On 06/19/2018 10:53 PM, Matthew Walster wrote:
> The keyserver status page seems broken also:
> https://sks-keyservers.net/status/
This was an intermittent failure, should be back up now.. Needed to
shift around some primaries to bootstrap the crawler.
--
----
Kr
be fine.
>
> More elaboration in German:
> https://netzpolitik.org/2018/bussgelder-bei-datenschutzverstoessen-angst-vor-einem-phantom/
>
>
> Disclaimer: IANAL. This is not legal advice.
>
>
>
> ___
> Gnupg-devel mailing l
On 05/20/2018 10:14 PM, Kristian Fiskerstrand wrote:
> On 05/20/2018 01:31 AM, Webmaster IspFontela wrote:
>>
>> Now we just need to find out why the server a.0.keysnode.ispfontela.es
>> on the list https://sks-keyservers.net/status/ has disappeared, I guess
>> th
misbehaving with
redirect for 11371 to 443
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B
g. But it is so long ago I don't recall if we
checked if it was used everywhere.
--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keys
anyways), but the whole GDPR is a
mess to begin with.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618
ut the original report reads too
much like a rant and has insufficient info to comment much.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AF
torvalds-github/ and comments starting
with at least
https://github.com/torvalds/linux/pull/17#issuecomment-5654674
--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://poo
[Sent from my iPad, as it is not a secured device there are no cryptographic
keys on this device, meaning this message is sent without an OpenPGP signature.
In general you should *not* rely on any information sent over such an unsecure
channel, if you find any information controversial or un-e
t responds to a specific alteration; mainly we need to specify a
specific filter for a specific version and move from there, which can be
relatively easy given sufficient time.
>
> --dkg
>
> [0] see for example
> https://bitbucket.org/skskeyserver/sks-keyserver/pull-request/20/trim
in the deluge of meltdown/spectre/memcached) so I don’t see the need/reason
> to disable TLS1.2
I was referring to server operators here, not clients, if that wasn't
clear :)
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
-
)
Now.. if anyone were to actually disable everything but 1.3, that'd be
exclusion worthy from the pool, but lets do this manually if so.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public
On 02/15/2018 09:46 AM, Kristian Fiskerstrand wrote:
> On 02/15/2018 05:51 AM, Eric Germann wrote:
>> Good evening all,
>>
>> Are there any docs anywhere regarding the HTTP request that can be made on
>> port 11371?
>>
>> Specifically, wondering if /p
for server stats, etc.
>
> Thanks for any pointers.
>
> EKG
Look at json format for &options=mr on a hockeypuck server
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock
pital.com/?p=munin-sks.git;a=summary
Keep in mind stats by default are updated once a day and by convention hourly
through system signals
--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP c
e some archived DB files using db*_archive?
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618
ck privately.
>
>Thanks
>
>EKG
I've gotten the emails :) still doing due dilligence for csr decision of
whether to sign or not, server is a bit nee and I prefer strongly connected
(wot strongset) operators
--
Kristian Fiskerstrand
Blog
g who didn't know the first thing about security hardcoded
> that certificate into the software.
To make sure this isn't un-challenged in the archives, the secret key
never touches an online system, all operations are done on airgapped setup.
--
--
On 01/14/2018 08:46 PM, Kristian Fiskerstrand wrote:
> From a privacy perspective, then yes, using HKPS transport is better,
> but it doesn't improve anything if malicious servers are included in
> some way that records information anyways, so having all servers
> included re
geographical sub-pools are doing anything re HKPS,
that is a single global pool.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3
prised about this discussion, nobody is required
to use a single pool of keyservers.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:9
cripts distributed
>with
>> the SKS software package.
>>
>> I don't think I am really qualified for designing new security
>> protocols, but the idea doesn't go out of my head. Sorry for the long
>post.
>>
>> Regards
>>
>> Alain
>>
On 12/18/2017 10:00 PM, Webmaster IspFontela wrote:
>
> The only change I've made has been to add 2 new peers
>
> What has happened?
Seems the stats page is a non-standard one so it just fails scraping the
data.
--
----
Kristian Fiskers
> this infrastructure.
That is actually a few years old, using the regular [trollwot]
>
> http://keys.niif.hu/pks/lookup?op=vindex&search=0x0B7F8B60E3EDFAE3
> (scroll down)
>
References:
[trollwot]
https://raw.githubusercontent.com/micahflee/trollwot/master/trollwot.pdf
-
On 12/10/2017 11:20 PM, brent s. wrote:
> On 12/10/2017 05:15 PM, Kristian Fiskerstrand wrote:
>> Good that things are restored, but to try to debug this more generally,
>> can you confirm you used fastbuild rather than a full build originally?
>
> full build has always b
Good that things are restored, but to try to debug this more generally,
can you confirm you used fastbuild rather than a full build originally?
In that case the offsets referenced can have been changed during this
process, and the behavior being within the expected behavior.
--
existing data stores. Some changes to config
requires recreating the BDB environment, which can be done using the
UPGRADING procedures, but you'd mostly need to do that if experiencing
issues / it not taking.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptu
On 12/08/2017 08:34 PM, Fabian A. Santiago wrote:
> is there any reason to enable mailsync functionality? does anyone out there
> still use it?
tl,dr; No
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @k
nfo on
manual procedure in UPGRADING file, specifically look for db5.3_archive
or similar for your distribution (there are some differences in naming
conventions etc for multiple versions)
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @k
though, hopefully that
sorts it.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
---
On 10/04/2017 02:52 PM, Frank de Bot wrote:
> Wouldn't this cause to also route a search with 'stats' only to the
> primary server? ;-)
$arg_op in this case actually means "?op" as key, its not an arbitrary
key in the querystring :)
--
----
sks_server_primary are defined as upstream
--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
-
tal.com/tmp/Screenshot_2017-10-04-08-52-45.png
--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
"W
increase in requirement in main pool will
automatically affect the subpools.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 561
or membership in all the
> pools.
already done
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8
devel/2017-September/033063.html
--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED
fault
11371) to your peers at least to allow exchange of some public keyblocks.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109
ith due to social graph leak.
... noting of which is a result of the choie of VCS impacting this to a
great extent. If anything we'd need to rewrite the full codebase in C
for such an argument to be made.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumpt
m mercurial queues etc.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
--
On 08/08/2017 03:27 PM, Kristian Fiskerstrand wrote:
> that is added
> as a single commit upon qmerge
To avoid any ambiguity, this should be qfinish... qmerge is similar step
in the Gentoo Portage process...
--
----
Kristian Fiskerstrand
Blog:
On 08/08/2017 03:27 PM, Kristian Fiskerstrand wrote:
> There are likely a few different questions resulting from this (my own
> opinions in separate email).
And here they come
> (i) Should we use git for revision control instead of mercurial?
I'm personally more involved in proj
ii) possibly invalidates (i) and (ii) as the workflow is
simplified (hg export), so in terms of the processes of commits and we'd
avoid any move (wiki and issue tracker stays the same).
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptu
he "missing" Host field).
>
>The IP that is querying my server belongs to Amazon's AWS. Requests
>look
>the same, every 2 seconds a "GET /".
>
>
>>> There might be a clue in the host header if you could log that? I
>use
>>> this nginx
On 07/15/2017 01:34 PM, Kristian Fiskerstrand wrote:
> On 07/15/2017 11:39 AM, Moritz Wirth wrote:
>> Good morning everybody,
>>
>> is it possible to loadbalance SKS/Nginx using multiple A records for the
>> hostname?
>
> The keyserver pools operate as
dness, could result in exclusion from the pool.
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35
beddcd
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
"Money is better than poverty,
On 06/26/2017 06:16 PM, Andrew Gallagher wrote:
> OCaml appears to make (dis?)optimisations that trigger a rare Intel
> hyperthreading bug with increased probability.
The way I'm reading it is; When ocaml breaks it is due to a processor
misbehaving :)
--
--
k you for heads up, given that robots.txt wasn't previously tracked
but created directly on server there ended up a conflict on update for
the file...
--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
the site just the
same; and the full data set is available and part of regular workflow
for bootstrapping own servers.
References:
[added it now]
https://git.sumptuouscapital.com/?p=sks-keyservers-pool.git;a=commit;h=b98e7522990961541165dfc23781a45a1a5e05a9
--
----
Kristi
On 06/20/2017 05:56 PM, Ari Trachtenberg wrote:
> Not quite ... each server can decide which keys it want s to accept.
> Bad actors will eventually fall out of favor with the others.
Now we presume a non-gossiping system of isolated servers
--
----
Kristian Fisker
begin with).
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
"If you choose to sa
rrected again on next run
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
"Better to keep yo
]
https://bugs.gentoo.org/show_bug.cgi?id=591326
[1]
https://caml.inria.fr/mantis/view.php?id=6517
[2]
https://bitbucket.org/skskeyserver/sks-keyserver/issues/42/unbundle-cryptokit-sks-incompatible-with
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapi
them given their own trustdb/wot calculation rather than
relying on a third party that doen't provide a security assertion to
begin with.
--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP
me
was introduced for these setups, so hostname is the shared cluster
addresse whereby nodename can be used to identify specific nodes.
--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
prings to mind is multiple instances of SKS behind the
reverse proxy to distribute the load (I run two instances myself - and
that is for lesser load). Would just need separate key port and do local
reconciliation only between them necessary , can make sure stats page
(?op=stats) only reaches the pri
es, it was an instance of a one line patch can never go wrong...
--
----
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35
[Sent from my iPad, as it is not a secured device there are no cryptographic
keys on this device, meaning this message is sent without an OpenPGP signature.
In general you should *not* rely on any information sent over such an unsecure
channel, if you find any information controversial or un-e
f
others have identified interesting behavior from certain clients.
As for gateway solutions , as far as I'm aware at least Symantec Encryption
Server (former PGP Universal) only check LDAP (and not that either by default),
but peripdic keyyring refreshes etc is natur
On 04/02/2017 06:00 PM, Pete Stephenson wrote:
> On Sun, Apr 2, 2017 at 12:44 PM, Kristian Fiskerstrand
> wrote:
>> On 04/02/2017 07:07 AM, Phil Pennock wrote:
>>> We need to know it won't break clients. So, setting up a keyserver
>>> where dual-stack is
1 - 100 of 614 matches
Mail list logo