Re: Desperately Seeking Kristian - SKS HKPS certificate renewals

2020-06-23 Thread Kristian Fiskerstrand
t should also be avalable fresh copy through wkd) -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 510

Re: Debian sks.service: Main process exited, code=killed, status=11/SEGV

2020-02-26 Thread Kristian Fiskerstrand
; > > I'd guess it hitting a stack limit during merge of a large key. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5

Re: hkps.pool.sks-keyservers.net DNS failing to resolve

2020-01-16 Thread Kristian Fiskerstrand
d for any actual issues anyways), but won't get around to actually updating the crl until this evening or more likely tomorrow as that requires special access. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk -

Re: hkps.pool.sks-keyservers.net DNS failing to resolve

2020-01-15 Thread Kristian Fiskerstrand
On 15.01.2020 02:28, Todd Fleisher wrote: > Hopefully Kristian finds and fixes his issue in the morning. thanks for the heads up everyone; should be back up on next update run (cause: crl expired) -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.

Re: cant build dabase

2019-12-13 Thread Kristian Fiskerstrand
On 13.12.2019 00:56, Skip Carter wrote: > correction, the errors are stackoverflows not segfaults > ulimit -s unlimited before building. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public O

Re: [Sks-devel] Status page problem

2019-08-23 Thread Kristian Fiskerstrand
> Regards > > Gabor > -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 Corruptissima re publi

Re: [Sks-devel] Sks-devel Digest, Vol 184, Issue 26

2019-08-22 Thread Kristian Fiskerstrand
> >eMail: ja...@insect.com <mailto:ja...@insect.com> >Phone: (910) 689.0557 > (800) 284.7872 >Fax: (910) 689.0558 > > > >> On Aug 22, 2019, at 12:14 PM, Kristian Fiskerstrand > wrote: >> >> On 22.08.2019 18:08, Jason John Schwarz wrote: >&

Re: [Sks-devel] Sks-devel Digest, Vol 184, Issue 26

2019-08-22 Thread Kristian Fiskerstrand
ionally you specify it on a per user basis in /etc/security/limits.conf . See also man ulimit for a one-off, e.g ulimit -s unlimited before starting sks. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Pub

Re: [Sks-devel] Shutting down keyserver.zap.org.au

2019-08-21 Thread Kristian Fiskerstrand
Fwiw, that error sounds like too small stack size for the process - in an alternative universe it would be interesting to hear your experience running with a higher stack limit On August 21, 2019 9:16:05 PM GMT+02:00, John Zaitseff wrote: >It is with feelings of sadness and regret that I will

Re: [Sks-devel] extending status pages

2019-07-30 Thread Kristian Fiskerstrand
See Membership fileSee reference membership file On July 30, 2019 9:51:31 PM GMT+02:00, "Kiss Gabor (Bitman)" wrote: >Dear Kristian, > >I have a suggestion about status pages. >Would you mind to provide information about what other hosts >consider a given server as a peer? > >I mean it could be

Re: [Sks-devel] SKS initial key load issue

2019-07-28 Thread Kristian Fiskerstrand
My guess is you need to increase stack size On July 28, 2019 5:37:58 PM GMT+02:00, Marcin Gondek wrote: >Hello All, > >Can someone help me or instruct why every time I do initial key load >i'm getting always getting segfault? >I've tried with many dump and always is the same. >MD5 are ok about p

Re: [Sks-devel] Website down

2019-07-10 Thread Kristian Fiskerstrand
Yes, it is a scheduled power outage and should be back up soon, the pool itself functions but wont update in the window. On July 10, 2019 1:29:29 PM GMT+02:00, "Kiss Gabor (Bitman)" wrote: >Dear Kristian, > >I wonder if you know that https://sks-keyservers.net/ is unreachable? > >Regards > >Gab

Re: [Sks-devel] Gossip protocol mentor?

2019-06-30 Thread Kristian Fiskerstrand
KS recon is implemented in the conflux libary and documentation. https://hockeypuck.github.io/ https://gopkg.in/hockeypuck/conflux.v2 -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keybl

Re: [Sks-devel] The pool is shrinking

2019-06-21 Thread Kristian Fiskerstrand
g. Not that much, but you need at least 8 GiB of RAM allocated for each node and sufficient swap or recon will often get OOM-killed. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock a

Re: [Sks-devel] The pool is shrinking

2019-06-21 Thread Kristian Fiskerstrand
of complaints I get from users has dropped significantly). And its not really a strict requirement, one can set up VMs / chroots for it on a relatively small server. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk

Re: [Sks-devel] understanding error message

2019-06-04 Thread Kristian Fiskerstrand
Have you run sks cleandb during setup phase? The setup scripts should include it.. On June 4, 2019 3:38:38 AM GMT+02:00, Skip Carter wrote: >my recon logs have messages like these: > > > error in callback.: Failure("configuration of >remote host () rejected: filters do >not match.\n\tlocal filt

Re: [Sks-devel] Keyservers and GDPR

2019-05-27 Thread Kristian Fiskerstrand
poradically due to merges. Now, this is somewhat better for the general pool since https://dev.gnupg.org/T4175 results in retry on failover for 5xx codes, but has caused a lot of problem reports in the past and not all distros ship this in stable versions. -- --

Re: [Sks-devel] IPv6 status

2019-04-25 Thread Kristian Fiskerstrand
blocked by firewall or something? curl "http://[2001:738:0:600:216:3eff:fe02:42]:11371/pks/lookup?op=stats"; .. times out from the system ipv6 tests are done on -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk --

Re: [Sks-devel] DNS broken for hkps.pool.sks-keyservers.net

2019-03-18 Thread Kristian Fiskerstrand
in case he filters sks-devel mail. > Well, its a simple enough issue. the CRL expired, so no host validated anymore.. Services should be returning to normal soon enough. Thanks for the ping. -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twi

Re: [Sks-devel] Data protection concern[Ref. RFA0751305]

2019-03-08 Thread Kristian Fiskerstrand
On 3/8/19 3:19 PM, Andrew Gallagher wrote: > On 08/03/2019 14:15, Kristian Fiskerstrand wrote: >> The ICO has concluded in this case and no further action will be taken >> from them. > > Was there any legal reasoning attached to this decision? It was a relatively good

Re: [Sks-devel] Data protection concern[Ref. RFA0751305]

2019-03-08 Thread Kristian Fiskerstrand
On 2/19/19 6:13 PM, Kristian Fiskerstrand wrote: > Hi, > > In order to get a fruitful dialogue on these matters, some > clarifications regarding the role of the sks-keyservers.net pool of > keyservers seems necessary. > The ICO has concluded in this case and no further action

Re: [Sks-devel] SKS scaling configuration

2019-03-05 Thread Kristian Fiskerstrand
s_header Server; add_header Via "1.1 keys2.kfwebs.net"; proxy_ignore_client_abort on; } } -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.ne

Re: [Sks-devel] Data protection concern[Ref. RFA0751305]

2019-02-19 Thread Kristian Fiskerstrand
s we send and receive when dealing with > casework. Not only are we obliged to deal with these in accordance with > the access provisions of the data protection framework and the Freedom > of Information Act 2000, it is in the public interest that we are open > an

Re: [Sks-devel] "SKS is effectively running as end-of-life software at this point"?

2019-02-07 Thread Kristian Fiskerstrand
d implementation. The current disagreement are really with regards to whether this should be "validating keyservers" or not, and how such servers could interact with non-validating ones. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuo

Re: [Sks-devel] Unusual traffic for key 0x69D2EAD9 and 0xB33B4659

2019-01-30 Thread Kristian Fiskerstrand
for 10 minutes in nginx, which really makes life more pleasant. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B6

Re: [Sks-devel] Withdrawal of Service - keys.flanga.io

2018-11-16 Thread Kristian Fiskerstrand
On 11/16/18 2:08 AM, Matthew Walster wrote: > Good lord, Kristian, you have to deal with these people on a regular basis? Yes -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock

Re: [Sks-devel] Withdrawal of Service - keys.flanga.io

2018-11-15 Thread Kristian Fiskerstrand
eing a part of the ecosystem (as long as users understand their position). -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 561

Re: [Sks-devel] New Article on SKS-Keyservers

2018-11-15 Thread Kristian Fiskerstrand
r-network-and-its-maintainers-dont-fd829297d75e >> This is the email correspondence involved; https://download.sumptuouscapital.com/tmp/re_new-article.eml.txt -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk ---

Re: [Sks-devel] Changes to requirements for the HKPS pool

2018-09-19 Thread Kristian Fiskerstrand
On 7/3/18 11:01 PM, Phil Pennock wrote: > On 2018-07-03 at 12:51 +0200, Kristian Fiskerstrand wrote: >> However, going forwards I'm going to request additional information >> about the server hardware (already requesting info on line capacity for >> SRV pool purposes)

Re: [Sks-devel] Clustering

2018-08-28 Thread Kristian Fiskerstrand
d be the usual advantages if there are other outages, e.g during system upgrade, but for the purposes we're talking it just needs to be multiple instances. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk

Re: [Sks-devel] Clustering (Was: New Keyservers and Dumps)

2018-08-27 Thread Kristian Fiskerstrand
-expected send a response and request a signed confirmation] > On 26 Aug 2018, at 18:44, Alain Wolf wrote: > > Hi > > Am 24.08.2018 um 14:36 wrote Kristian Fiskerstrand: >> On 08/24/2018 11:36 AM, Gabor Kiss wrote: >>> A question: >>> Does an SKS cluster ne

Re: [Sks-devel] No status page

2018-08-24 Thread Kristian Fiskerstrand
On 08/24/2018 06:58 PM, Kristian Fiskerstrand wrote: > On 08/24/2018 06:56 PM, Kiss Gabor (Bitman) wrote: >> Dear Kristian, >> >> Page https://sks-keyservers.net/status/ contains no key servers. > > Yup, I'm on it > Not entirely sure what went wrong

Re: [Sks-devel] No status page

2018-08-24 Thread Kristian Fiskerstrand
On 08/24/2018 06:56 PM, Kiss Gabor (Bitman) wrote: > Dear Kristian, > > Page https://sks-keyservers.net/status/ contains no key servers. Yup, I'm on it -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twi

Re: [Sks-devel] New Keyservers and Dumps

2018-08-24 Thread Kristian Fiskerstrand
ustered setups are more important for the ecosystem than even more individual servers. > EKG > > >> On Aug 23, 2018, at 9:49 AM, Kristian Fiskerstrand >> wrote: >> >> On 08/20/2018 03:26 PM, Eric Germann wrote: >>> I’ve reworked the keyserver fleet we’d pre

Re: [Sks-devel] Clustering (Was: New Keyservers and Dumps)

2018-08-24 Thread Kristian Fiskerstrand
for each node. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 "My father used to say

Re: [Sks-devel] New Keyservers and Dumps

2018-08-23 Thread Kristian Fiskerstrand
e into hkps pool, in particular since noticing an interesting feature if only one server is included, which disables pool behavior in dirmngr and results in TLS error / generic error due to CA pem not being loaded... -- ---- Kristian Fiskerstrand

Re: [Sks-devel] Changes to requirements for the HKPS pool

2018-07-03 Thread Kristian Fiskerstrand
On 07/03/2018 12:51 PM, Kristian Fiskerstrand wrote: > Although the requirements to get included in the HKPS pool have so far > been a bit subjective and changing over time as I've gotten more > experience (and balancing out the requirements for the pool - it is not > the point

[Sks-devel] Changes to requirements for the HKPS pool

2018-07-03 Thread Kristian Fiskerstrand
setup to allow gossipping), and servers that do caching on the reverse proxy. Additionally low-CPU/low-memory setups will not be permitted into the HKPS pool. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk

Re: [Sks-devel] Keyserver Network Down?

2018-06-19 Thread Kristian Fiskerstrand
On 06/19/2018 11:17 PM, Kristian Fiskerstrand wrote: > On 06/19/2018 11:09 PM, Kristian Fiskerstrand wrote: >> On 06/19/2018 10:53 PM, Matthew Walster wrote: >>> The keyserver status page seems broken also: >>> https://sks-keyservers.net/status/ >> >> This

Re: [Sks-devel] Keyserver Network Down?

2018-06-19 Thread Kristian Fiskerstrand
On 06/19/2018 11:09 PM, Kristian Fiskerstrand wrote: > On 06/19/2018 10:53 PM, Matthew Walster wrote: >> The keyserver status page seems broken also: >> https://sks-keyservers.net/status/ > > This was an intermittent failure, should be back up now.. Needed to > shift

Re: [Sks-devel] Keyserver Network Down?

2018-06-19 Thread Kristian Fiskerstrand
On 06/19/2018 10:53 PM, Matthew Walster wrote: > The keyserver status page seems broken also: > https://sks-keyservers.net/status/ This was an intermittent failure, should be back up now.. Needed to shift around some primaries to bootstrap the crawler. -- ---- Kr

Re: [Sks-devel] Keyservers and GDPR

2018-05-23 Thread Kristian Fiskerstrand
be fine. > > More elaboration in German: > https://netzpolitik.org/2018/bussgelder-bei-datenschutzverstoessen-angst-vor-einem-phantom/ > > > Disclaimer: IANAL. This is not legal advice. > > > > ___ > Gnupg-devel mailing l

Re: [Sks-devel] Strange case

2018-05-20 Thread Kristian Fiskerstrand
On 05/20/2018 10:14 PM, Kristian Fiskerstrand wrote: > On 05/20/2018 01:31 AM, Webmaster IspFontela wrote: >> >> Now we just need to find out why the server a.0.keysnode.ispfontela.es >> on the list https://sks-keyservers.net/status/ has disappeared, I guess >> th

Re: [Sks-devel] Strange case

2018-05-20 Thread Kristian Fiskerstrand
misbehaving with redirect for 11371 to 443 -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B

Re: [Sks-devel] Inconsistency on vindex page with machine-readable flag set or unset?

2018-05-09 Thread Kristian Fiskerstrand
g. But it is so long ago I don't recall if we checked if it was used everywhere. -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keys

Re: [Sks-devel] Implications of GDPR

2018-04-30 Thread Kristian Fiskerstrand
anyways), but the whole GDPR is a mess to begin with. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618

Re: [Sks-devel] Cease of operation: *.gnupg.pub

2018-04-24 Thread Kristian Fiskerstrand
ut the original report reads too much like a rant and has insufficient info to comment much. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AF

Re: [Sks-devel] Cease of operation: *.gnupg.pub

2018-04-24 Thread Kristian Fiskerstrand
torvalds-github/ and comments starting with at least https://github.com/torvalds/linux/pull/17#issuecomment-5654674 -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://poo

Re: [Sks-devel] disk space

2018-04-23 Thread Kristian Fiskerstrand
[Sent from my iPad, as it is not a secured device there are no cryptographic keys on this device, meaning this message is sent without an OpenPGP signature. In general you should *not* rely on any information sent over such an unsecure channel, if you find any information controversial or un-e

Re: [Sks-devel] SKS apocalypse mitigation

2018-03-24 Thread Kristian Fiskerstrand
t responds to a specific alteration; mainly we need to specify a specific filter for a specific version and move from there, which can be relatively easy given sufficient time. > > --dkg > > [0] see for example > https://bitbucket.org/skskeyserver/sks-keyserver/pull-request/20/trim

Re: [Sks-devel] TLS 1.3 and HKPS pool

2018-03-19 Thread Kristian Fiskerstrand
in the deluge of meltdown/spectre/memcached) so I don’t see the need/reason > to disable TLS1.2 I was referring to server operators here, not clients, if that wasn't clear :) -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk -

Re: [Sks-devel] TLS 1.3 and HKPS pool

2018-03-19 Thread Kristian Fiskerstrand
) Now.. if anyone were to actually disable everything but 1.3, that'd be exclusion worthy from the pool, but lets do this manually if so. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public

Re: [Sks-devel] Machine readable version of SKS key server stats

2018-02-15 Thread Kristian Fiskerstrand
On 02/15/2018 09:46 AM, Kristian Fiskerstrand wrote: > On 02/15/2018 05:51 AM, Eric Germann wrote: >> Good evening all, >> >> Are there any docs anywhere regarding the HTTP request that can be made on >> port 11371? >> >> Specifically, wondering if /p

Re: [Sks-devel] Machine readable version of SKS key server stats

2018-02-15 Thread Kristian Fiskerstrand
for server stats, etc. > > Thanks for any pointers. > > EKG Look at json format for &options=mr on a hockeypuck server -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock

Re: [Sks-devel] SKS Statistcs

2018-02-03 Thread Kristian Fiskerstrand
pital.com/?p=munin-sks.git;a=summary Keep in mind stats by default are updated once a day and by convention hourly through system signals -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP c

Re: [Sks-devel] disk space

2018-01-20 Thread Kristian Fiskerstrand
e some archived DB files using db*_archive? -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618

Re: [Sks-devel] Krisitian?

2018-01-17 Thread Kristian Fiskerstrand
ck privately. > >Thanks > >EKG I've gotten the emails :) still doing due dilligence for csr decision of whether to sign or not, server is a bit nee and I prefer strongly connected (wot strongset) operators -- Kristian Fiskerstrand Blog

Re: [Sks-devel] Fwd: Re: Fwd: Re: Unde(r)served HKPS [was: Underserved areas?]

2018-01-14 Thread Kristian Fiskerstrand
g who didn't know the first thing about security hardcoded > that certificate into the software. To make sure this isn't un-challenged in the archives, the secret key never touches an online system, all operations are done on airgapped setup. -- --

Re: [Sks-devel] Unde(r)served HKPS [was: Underserved areas?]

2018-01-14 Thread Kristian Fiskerstrand
On 01/14/2018 08:46 PM, Kristian Fiskerstrand wrote: > From a privacy perspective, then yes, using HKPS transport is better, > but it doesn't improve anything if malicious servers are included in > some way that records information anyways, so having all servers > included re

Re: [Sks-devel] Unde(r)served HKPS [was: Underserved areas?]

2018-01-14 Thread Kristian Fiskerstrand
geographical sub-pools are doing anything re HKPS, that is a single global pool. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3

Re: [Sks-devel] Unde(r)served HKPS [was: Underserved areas?]

2018-01-14 Thread Kristian Fiskerstrand
prised about this discussion, nobody is required to use a single pool of keyservers. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:9

Re: [Sks-devel] Unde(r)served HKPS [was: Underserved areas?]

2018-01-11 Thread Kristian Fiskerstrand
cripts distributed >with >> the SKS software package. >> >> I don't think I am really qualified for designing new security >> protocols, but the idea doesn't go out of my head. Sorry for the long >post. >> >> Regards >> >> Alain >>

Re: [Sks-devel] sks-keyservers.net / status / keyserver.ispfontela.es

2017-12-18 Thread Kristian Fiskerstrand
On 12/18/2017 10:00 PM, Webmaster IspFontela wrote: > > The only change I've made has been to add 2 new peers > > What has happened? Seems the stats page is a non-standard one so it just fails scraping the data. -- ---- Kristian Fiskers

Re: [Sks-devel] "funny sks :-)" eh?

2017-12-17 Thread Kristian Fiskerstrand
> this infrastructure. That is actually a few years old, using the regular [trollwot] > > http://keys.niif.hu/pks/lookup?op=vindex&search=0x0B7F8B60E3EDFAE3 > (scroll down) > References: [trollwot] https://raw.githubusercontent.com/micahflee/trollwot/master/trollwot.pdf -

Re: [Sks-devel] Emergency Maintenance: sks.mirror.square-r00t.net

2017-12-10 Thread Kristian Fiskerstrand
On 12/10/2017 11:20 PM, brent s. wrote: > On 12/10/2017 05:15 PM, Kristian Fiskerstrand wrote: >> Good that things are restored, but to try to debug this more generally, >> can you confirm you used fastbuild rather than a full build originally? > > full build has always b

Re: [Sks-devel] Emergency Maintenance: sks.mirror.square-r00t.net

2017-12-10 Thread Kristian Fiskerstrand
Good that things are restored, but to try to debug this more generally, can you confirm you used fastbuild rather than a full build originally? In that case the offsets referenced can have been changed during this process, and the behavior being within the expected behavior. --

Re: [Sks-devel] Cleanup SKS Logs

2017-12-08 Thread Kristian Fiskerstrand
existing data stores. Some changes to config requires recreating the BDB environment, which can be done using the UPGRADING procedures, but you'd mostly need to do that if experiencing issues / it not taking. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptu

Re: [Sks-devel] mailsync usage

2017-12-08 Thread Kristian Fiskerstrand
On 12/08/2017 08:34 PM, Fabian A. Santiago wrote: > is there any reason to enable mailsync functionality? does anyone out there > still use it? tl,dr; No -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @k

Re: [Sks-devel] Cleanup SKS Logs

2017-12-06 Thread Kristian Fiskerstrand
nfo on manual procedure in UPGRADING file, specifically look for db5.3_archive or similar for your distribution (there are some differences in naming conventions etc for multiple versions) -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @k

Re: [Sks-devel] Missing peers on status page

2017-10-04 Thread Kristian Fiskerstrand
though, hopefully that sorts it. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 ---

Re: [Sks-devel] Missing peers on status page

2017-10-04 Thread Kristian Fiskerstrand
On 10/04/2017 02:52 PM, Frank de Bot wrote: > Wouldn't this cause to also route a search with 'stats' only to the > primary server? ;-) $arg_op in this case actually means "?op" as key, its not an arbitrary key in the querystring :) -- ----

Re: [Sks-devel] Missing peers on status page

2017-10-04 Thread Kristian Fiskerstrand
sks_server_primary are defined as upstream -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 -

Re: [Sks-devel] Missing peers on status page

2017-10-04 Thread Kristian Fiskerstrand
tal.com/tmp/Screenshot_2017-10-04-08-52-45.png -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 "W

Re: [Sks-devel] Raising the floor for the pool to SKS version 1.1.6 [was: Re: Importing ed25519 subkeys from SKS < 1.1.6]

2017-09-06 Thread Kristian Fiskerstrand
increase in requirement in main pool will automatically affect the subpools. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 561

Re: [Sks-devel] Raising the floor for the pool to SKS version 1.1.6 [was: Re: Importing ed25519 subkeys from SKS < 1.1.6]

2017-09-06 Thread Kristian Fiskerstrand
or membership in all the > pools. already done -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8

[Sks-devel] sks-keyservers.net: increased minimum requirement to SKS 1.1.6

2017-09-06 Thread Kristian Fiskerstrand
devel/2017-September/033063.html -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED

Re: [Sks-devel] Internal SKS in .de, Hamburg looking for peers.

2017-08-23 Thread Kristian Fiskerstrand
fault 11371) to your peers at least to allow exchange of some public keyblocks. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109

Re: [Sks-devel] hg workflow pointers

2017-08-11 Thread Kristian Fiskerstrand
ith due to social graph leak. ... noting of which is a result of the choie of VCS impacting this to a great extent. If anything we'd need to rewrite the full codebase in C for such an argument to be made. -- ---- Kristian Fiskerstrand Blog: https://blog.sumpt

Re: [Sks-devel] hg workflow pointers

2017-08-11 Thread Kristian Fiskerstrand
m mercurial queues etc. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 --

Re: [Sks-devel] hg workflow pointers

2017-08-08 Thread Kristian Fiskerstrand
On 08/08/2017 03:27 PM, Kristian Fiskerstrand wrote: > that is added > as a single commit upon qmerge To avoid any ambiguity, this should be qfinish... qmerge is similar step in the Gentoo Portage process... -- ---- Kristian Fiskerstrand Blog:

Re: [Sks-devel] hg workflow pointers

2017-08-08 Thread Kristian Fiskerstrand
On 08/08/2017 03:27 PM, Kristian Fiskerstrand wrote: > There are likely a few different questions resulting from this (my own > opinions in separate email). And here they come > (i) Should we use git for revision control instead of mercurial? I'm personally more involved in proj

Re: [Sks-devel] hg workflow pointers

2017-08-08 Thread Kristian Fiskerstrand
ii) possibly invalidates (i) and (ii) as the workflow is simplified (hg export), so in terms of the processes of commits and we'd avoid any move (wiki and issue tracker stays the same). -- ---- Kristian Fiskerstrand Blog: https://blog.sumptu

Re: [Sks-devel] Dealing with abusive clients

2017-07-20 Thread Kristian Fiskerstrand
he "missing" Host field). > >The IP that is querying my server belongs to Amazon's AWS. Requests >look >the same, every 2 seconds a "GET /". > > >>> There might be a clue in the host header if you could log that? I >use >>> this nginx

Re: [Sks-devel] SKS Loadbalancing over DNS

2017-07-15 Thread Kristian Fiskerstrand
On 07/15/2017 01:34 PM, Kristian Fiskerstrand wrote: > On 07/15/2017 11:39 AM, Moritz Wirth wrote: >> Good morning everybody, >> >> is it possible to loadbalance SKS/Nginx using multiple A records for the >> hostname? > > The keyserver pools operate as

Re: [Sks-devel] SKS Loadbalancing over DNS

2017-07-15 Thread Kristian Fiskerstrand
dness, could result in exclusion from the pool. -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35

Re: [Sks-devel] OCaml vs hyperthreading

2017-07-06 Thread Kristian Fiskerstrand
beddcd -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 "Money is better than poverty,

Re: [Sks-devel] OCaml vs hyperthreading

2017-06-26 Thread Kristian Fiskerstrand
On 06/26/2017 06:16 PM, Andrew Gallagher wrote: > OCaml appears to make (dis?)optimisations that trigger a rare Intel > hyperthreading bug with increased probability. The way I'm reading it is; When ocaml breaks it is due to a processor misbehaving :) -- --

Re: [Sks-devel] Request: Install an efficient robots.txt file

2017-06-23 Thread Kristian Fiskerstrand
k you for heads up, given that robots.txt wasn't previously tracked but created directly on server there ended up a conflict on update for the file... -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk

Re: [Sks-devel] Request: Install an efficient robots.txt file

2017-06-22 Thread Kristian Fiskerstrand
the site just the same; and the full data set is available and part of regular workflow for bootstrapping own servers. References: [added it now] https://git.sumptuouscapital.com/?p=sks-keyservers-pool.git;a=commit;h=b98e7522990961541165dfc23781a45a1a5e05a9 -- ---- Kristi

Re: [Sks-devel] Request: Install an efficient robots.txt file

2017-06-20 Thread Kristian Fiskerstrand
On 06/20/2017 05:56 PM, Ari Trachtenberg wrote: > Not quite ... each server can decide which keys it want s to accept. > Bad actors will eventually fall out of favor with the others. Now we presume a non-gossiping system of isolated servers -- ---- Kristian Fisker

Re: [Sks-devel] Request: Install an efficient robots.txt file

2017-06-20 Thread Kristian Fiskerstrand
begin with). -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 "If you choose to sa

Re: [Sks-devel] No IPv6

2017-06-08 Thread Kristian Fiskerstrand
rrected again on next run -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 "Better to keep yo

Re: [Sks-devel] Long-form keyids and ocaml 4.02.3

2017-06-04 Thread Kristian Fiskerstrand
] https://bugs.gentoo.org/show_bug.cgi?id=591326 [1] https://caml.inria.fr/mantis/view.php?id=6517 [2] https://bitbucket.org/skskeyserver/sks-keyserver/issues/42/unbundle-cryptokit-sks-incompatible-with -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapi

Re: [Sks-devel] Long-form keyids and ocaml 4.02.3

2017-06-04 Thread Kristian Fiskerstrand
them given their own trustdb/wot calculation rather than relying on a third party that doen't provide a security assertion to begin with. -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP

Re: [Sks-devel] wserver_timeout value causing cascading failure?

2017-05-13 Thread Kristian Fiskerstrand
me was introduced for these setups, so hostname is the shared cluster addresse whereby nodename can be used to identify specific nodes. -- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk

Re: [Sks-devel] wserver_timeout value causing cascading failure?

2017-04-24 Thread Kristian Fiskerstrand
prings to mind is multiple instances of SKS behind the reverse proxy to distribute the load (I run two instances myself - and that is for lesser load). Would just need separate key port and do local reconciliation only between them necessary , can make sure stats page (?op=stats) only reaches the pri

Re: [Sks-devel] sks-keyserves.net Down?

2017-04-14 Thread Kristian Fiskerstrand
es, it was an instance of a one line patch can never go wrong... -- ---- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35

Re: [Sks-devel] ECC HTTPS certs for HKPS

2017-04-03 Thread Kristian Fiskerstrand
[Sent from my iPad, as it is not a secured device there are no cryptographic keys on this device, meaning this message is sent without an OpenPGP signature. In general you should *not* rely on any information sent over such an unsecure channel, if you find any information controversial or un-e

Re: [Sks-devel] ECC HTTPS certs for HKPS

2017-04-02 Thread Kristian Fiskerstrand
f others have identified interesting behavior from certain clients. As for gateway solutions , as far as I'm aware at least Symantec Encryption Server (former PGP Universal) only check LDAP (and not that either by default), but peripdic keyyring refreshes etc is natur

Re: [Sks-devel] ECC HTTPS certs for HKPS

2017-04-02 Thread Kristian Fiskerstrand
On 04/02/2017 06:00 PM, Pete Stephenson wrote: > On Sun, Apr 2, 2017 at 12:44 PM, Kristian Fiskerstrand > wrote: >> On 04/02/2017 07:07 AM, Phil Pennock wrote: >>> We need to know it won't break clients. So, setting up a keyserver >>> where dual-stack is

  1   2   3   4   5   6   7   >