Hi guys,
since I've recently checked (and understood :) ) the difference of SSL
ciphers, I've built up a cipherlist which is currently used on
keyserver.secretresearchfacility.com (part of hkps pool)
The following syntax is for Apache, but can easily be changed for
lighttpd or nginx.
SSLEngine
Hey folks,
I have some questions on which I need some pointers.
First, -nodiskptree: To my understanding this would result in longer
startup-times, more memory consumption but faster lookups. So the ptree
is generated, but kept in ram. Final analysis: Enabling this option
would speed up lookups
Hi Christian,
thank you for offering the dumps! :-)
About the -nodiskptree option... please correct me if I am wrong,
but wouldn't the operating system's disk reading cache render this
option useless? At least it seems to be like this on my Kubuntu
desktop - with sufficient free memory, I can
My SKS instance is behind a reverse proxy, plaintext on the standard
port. I have connections on port 80 that reference my server name
forwarded to localhost:11371. I assume this is port 80 HKP, and works
for me through my at-work proxy.
Is HKPS basically doing the same thing, but wrapping the
Hey,
hkps is basically a 443 to hkp forward - I am using nginx for that. Just
be SURE you do NOT use SNI or rely/ need a vhost/hostname as some
client/most clients (gnupg) do not send this information. It is actually
only feasible on a dedicated IP for SKS where Port 443 is solely used
for
On 11.02.2014 08:38, Christian Reiß wrote:
[...]
Also I am using puppet to deploy the sks server. Anyone else using
puppet? membership file (et al.) is managed over hiera. So if we have
any puppet3 users I am glad to share.
Lastly, I wrote a (10 liner) php-script that queries the
sks-keyserver
On 02/11/2014 10:27 AM, Christian Reiß wrote:
hkps is basically a 443 to hkp forward - I am using nginx for that. Just
be SURE you do NOT use SNI or rely/ need a vhost/hostname as some
client/most clients (gnupg) do not send this information. It is actually
only feasible on a dedicated IP for
On 02/11/2014 10:48 AM, Kristian Fiskerstrand wrote:
By default stats are updated once a day, for more than this you need
to send a USR2-signal to sks.
In particular, you need to send USR2 to sks db, not sks recon. And
note that while sks db is calculating stats, it cannot serve HKP
requests.
On 02/11/2014 04:53 PM, Daniel Kahn Gillmor wrote:
On 02/11/2014 10:48 AM, Kristian Fiskerstrand wrote:
By default stats are updated once a day, for more than this you
need to send a USR2-signal to sks.
In particular, you need to send USR2 to
Hey,
I am not saying it can't be done. Yes it is possible with your setup,
but that some clients do not send vhost/domain data along with the
request and expect the hostname of the sks server to match the default
cert. So unless you are serving the hkps per default on your server you
might break
On 02/11/2014 05:08 PM, Christian Reiß wrote:
Hey,
I am not saying it can't be done. Yes it is possible with your
setup, but that some clients do not send vhost/domain data along
with the request and expect the hostname of the sks server to
Hi guys,
Am 11.02.2014 14:16, schrieb Stephan Seitz:
Hi guys,
since I've recently checked (and understood :) ) the difference of SSL
ciphers, I've built up a cipherlist which is currently used on
keyserver.secretresearchfacility.com (part of hkps pool)
The following syntax is for Apache,
Hi,
Am 11.02.2014 16:59, schrieb Kristian Fiskerstrand:
On 02/11/2014 04:53 PM, Daniel Kahn Gillmor wrote:
On 02/11/2014 10:48 AM, Kristian Fiskerstrand wrote:
By default stats are updated once a day, for more than this you
need to send a
hkps is basically a 443 to hkp forward - I am using nginx for that. Just
be SURE you do NOT use SNI or rely/ need a vhost/hostname as some
client/most clients (gnupg) do not send this information. It is actually
only feasible on a dedicated IP for SKS where Port 443 is solely used
for
On 02/11/2014 01:58 PM, Benny Baumann wrote:
Am 11.02.2014 16:59, schrieb Kristian Fiskerstrand:
Unless you run it in a clustered setup where the different members
calculate it on different times and the frontend passes the request on
before timeout :p
It's almost instant for my machine
On 02/11/2014 08:19 PM, Daniel Kahn Gillmor wrote:
On 02/11/2014 01:58 PM, Benny Baumann wrote:
Am 11.02.2014 16:59, schrieb Kristian Fiskerstrand:
Unless you run it in a clustered setup where the different
members calculate it on different
Hi there,
Quoting Daniel Kahn Gillmor d...@fifthhorseman.net:
On a pretty decent machine (zimmermann.mayfirst.org), i'm seeing the
following duration in the logs:
2014-02-11 19:17:17 Calculating DB stats
2014-02-11 19:17:49 Done calculating DB stats
so that's over half a minute of blocked
Hi,
Am 11.02.2014 20:19, schrieb Daniel Kahn Gillmor:
On 02/11/2014 01:58 PM, Benny Baumann wrote:
Am 11.02.2014 16:59, schrieb Kristian Fiskerstrand:
Unless you run it in a clustered setup where the different members
calculate it on different times and the frontend passes the request on
On 02/11/2014 02:19 PM, Daniel Kahn Gillmor wrote:
On 02/11/2014 01:58 PM, Benny Baumann wrote:
Am 11.02.2014 16:59, schrieb Kristian Fiskerstrand:
Unless you run it in a clustered setup where the different members
calculate it on different times and the frontend passes the request on
before
It has come to the point in cleaning up my infrastructure due to
finances that I am looking to have to shutter the host that runs
keyserver.undergrid.net on. The good news is that I'll be able to
maintain the hostname and simply point it to sks.undergrid.net which is
my 3-node cluster that
On 2/11/2014 11:06 AM, Gabor Kiss wrote:
hkps is basically a 443 to hkp forward - I am using nginx for that. Just
be SURE you do NOT use SNI or rely/ need a vhost/hostname as some
client/most clients (gnupg) do not send this information. It is actually
only feasible on a dedicated IP for SKS
On 02/11/2014 10:13 PM, Falcon Darkstar Momot wrote:
On 2/11/2014 11:06 AM, Gabor Kiss wrote:
hkps is basically a 443 to hkp forward - I am using nginx for
that. Just be SURE you do NOT use SNI or rely/ need a
vhost/hostname as some client/most
22 matches