On Sat, 2015-11-14 at 01:15 +0100, Hendrik Grewe wrote:
> I would imagine not leaving the tor network through an exit is the
> benefit.
And what should be the benefit of that?
If tor works right, there is none, if it doesn't there wouldn't be any
either, when you "not leave it" when you hit the
On Sat, 2015-11-14 at 02:36 +0100, Alain Wolf wrote:
> >And what should be the benefit of that?
> What is the benefit of leaving Tor?
Well you can't argue like that, can you? At least it alone wouldn't be
argument enough for me to set up such service.
Running additional code, here tor, always
On Tue, 2014-04-29 at 12:52 +0200, Kiss Gabor (Bitman) wrote:
a.keyserver.pki.scientia.net Aug 4 15:32:48 2013 GMT
Well I've wrote Kristian an email with an new CSR some week or so
ago,... but no reply yet... or have I overseen something?
Cheers,
Chris
smime.p7s
Description: S/MIME
On Thu, 2013-09-19 at 13:41 -0400, Daniel Kahn Gillmor wrote:
but writing on debian?
# lsof /dev/random
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
haveged 3510 root4u CHR1,8 0t0 1045 /dev/random
sks 4488 debian-sks3r CHR1,8 0t0 1045
On Fri, 2013-09-13 at 20:33 -0400, Robert J. Hansen wrote:
In what bizarro universe is SKS an implementation of RFC4880?
Well it uses/processes OpenPGP message formats (i.e. by
storing/publishing them).
___
Sks-devel mailing list
Sks-devel@nongnu.org
On Fri, 2013-09-13 at 18:09 -0400, Daniel Kahn Gillmor wrote:
Did anyone on this list expect the keyserver network to
propagate non-exportable certifications?
Nah,... not really, IMHO it should be considered a bug, and ideally such
existing signatures should be removed if possible.
And I guess
On Tue, 2013-09-10 at 22:40 -0500, John Clizbe wrote:
2) As Christoph has already pointed out, this breaks the draft we try to
follow as our standard.
One should add though, that it's only a pseudo-standard... perhaps one
should pick up that work again and make a proper RFC out of it... one
On Sun, 2013-09-08 at 13:05 -0700, Geoffrey Irving wrote:
http://naml.us/trust
Should that be a live demo? It doesn't work here with FF 23.
Here's candidate patch implementing CORS.
Do you see any chances to implement all that without requiring remote
code/content (and thus CORS)?
I guess
On Tue, 2013-09-10 at 23:29 +0200, Stefan Tomanek wrote:
With this change, an additional line is appended to each search result when
using the machine readable output. This line is prefixed with fpr: and
contains the fingerprint of the key returned, making it possible to
distinguish
keys
On Wed, 2013-09-11 at 02:13 +0200, Stefan Tomanek wrote:
Just to be on the safe side, what about making the
fpr line depend on the fingerprint parameter?
I think that sounds generally reasonable... not only for being on the
save side... and I guess you're right and now client should fail.
On Fri, 2013-08-30 at 20:46 -0400, Jeffrey Johnson wrote:
Too many words, keep it KISS in plain speak.
Agreed...
First, it's not our job to educate people with respect to
cryptography/security in general... we should only focus on the
keyserver related issues, and as such we should IMHO rather
On Fri, 2013-08-16 at 13:41 +0200, Christian Felsing wrote:
does anybody know how to contact admin of keyserver.ubuntu.com?
I usually use r...@ubuntu.com... - also wait for them to act on my peering
entry right now ;)
Cheers,
Chris.
smime.p7s
Description: S/MIME cryptographic signature
On Wed, 2013-08-14 at 04:08 -0400, Phil Pennock wrote:
* stinkfoot.org
I'm one of it's two peers...
Not sure why reco doesn't work here... the server still uses my old DNS
name (i.e. without the a.) in front of it, but for IPv4 this should
work as long as I haven't added further addresses to the
On Wed, 2013-08-14 at 03:23 +0200, Petru Ghita wrote:
Are there some error messages that should be monitored on the log files?
Well apart from denied reconciliations (both as server client)... it's
probably interesting do monitor 417/5xx HTTP errors... (not sure though
whether SKS itself logs
On Mon, 2013-08-12 at 20:00 -0400, Phil Pennock wrote:
Perhaps of use for people wanting to explore the connectivity.
Quite nice...
Can we have this on a regularly updated basis on e.g.
sks-keyservers.net?
Perhaps also with 7 and 10 connections (or some reasonable numbers).
Not sure if it makes
Hi.
As mentioned previously I'm in the process of migrating/re-installing my
SKS instance at much better machine...
I run SKS 1.1.3 from Debian sid (which has BDB 5.1, IIRC).
Just for trying, I dumped the keydb from my old server, and made a full
build on the new one (which worked fine, i.e. no
Hi.
I just wondered whether mailsync is still required, or in other words
whether any non-SKS networks are left.
At a first short search I couldn't find any PKS server... pgp.mit.edu
used to be one for very long time, but I suggested them years ago to
switch to SKS, and IIRC they did.
Are
Hi.
I just wondered whether mailsync is still required, or in other words
whether any non-SKS networks are left.
At a first short search I couldn't find any PKS server... pgp.mit.edu
used to be one for very long time, but I suggested them years ago to
switch to SKS, and IIRC they did.
Are
Sorry for the double post (as for this post), used the wrong address
initially, and the moderator seemed to have let it through in the end.
Chris.
smime.p7s
Description: S/MIME cryptographic signature
___
Sks-devel mailing list
Sks-devel@nongnu.org
On Wed, 2013-07-31 at 13:25 -0400, Phil Pennock wrote:
The core problem is not specific to VMs, just immensely more likely on
them, or Windows, than most modern Unix. The issue is that the current
timestamp was used as a uniqueness key.
I see... so what's the suggested action then when one
Hi.
I'll need to move my keyserver (keyserver.pki.scientia.net) to a new
host/IP (and perhaps I'll even change the domainname with that) in a few
days and wondered the following:
Since (IIRC) the 1.1.4 changelog mentioned that it added support for the
ECC keys... what does that mean for 1.1.3
On Mon, 2012-06-11 at 21:49 -0400, Phil Pennock wrote:
I'm thinking of creating a keyserver operator circle list, both set
to be public.
Is this really a good idea? I mean I'd like to see a sks-operators
mailing list... and this list should focus on development only... but
Twitter/G+/FB are not
On Mon, 2012-05-14 at 13:45 -0400, Jeffrey Johnson wrote:
of a Debian developer
AFAIK, neither Sebastian nor Jens are Debian Developers.
(see http://db.debian.org/)
Cheers,
Chris.
smime.p7s
Description: S/MIME cryptographic signature
___
Sks-devel
On Fri, 2012-05-11 at 00:34 +0200, Arnold wrote:
The readme says: This ... version ... is intended to humiliate and
expose the following persons
So, this version is not intended for me, despite the subject and the fact I
use Debian and the Debian distributed SKS. I'll just wait for the next
One follow up perhaps...
Sebastian and Jens (not sure which of you is actually responsible for
what).
It really doubt that you make much friends or reach you assumed aim
(getting new SKS versions proper into Debian) when negatively pointing
at all different places (just spotted some comments on
Jeffrey, it's a bit strange, to read you claiming Debian would have lack
of skill / etc. while you try to convince us of static linking, or at
least that's what I think you do.
Whether BDB has a big CVE record or not doesn't matter at all, as
security holes (or other critical) bugs can just
On Sun, 2012-04-29 at 16:03 -0500, John Clizbe wrote:
I wouldn't call the project's Google Code downloads page Unofficial :-)
Surely, but the advantage of distros having their repostories... you get
something that is tailored toward the distro and its other packages,...
someone (maintainer) has
On Fri, 2012-04-20 at 19:44 -0500, John Clizbe wrote:
See my message from last night with the 11:38PM CDT timestamp.
Upgrading for DB is pretty painless.
Well if this is not possible, just add a NEWS entry, fully describing
what have to be done.
Generally it would be a good idea, to extensively
On Sat, 2012-04-21 at 14:56 -0400, Jeffrey Johnson wrote:
And the recommended -- by SleepyCat -- solution is to internalize
Berkeley DB to avoid breakage between different applications
compiled against different libraries.
With internalise you mean that the package should ship it's own copy of
Thanks for the hint.
Adding a DB_CONFIG file and increasing the mutex to 2^16 helped so far
(though I had to do it for BOTH (!) databases, DB and Ptree, and the
used mutexes for Ptree is still increasing at currently about 1.
Is this normal?
Can't we just increase the defaults in the source
Hi.
Since some days my recon DB seems DB be corrupted. recon.log gives the
following message.
...
2011-05-25 13:51:30 address for alpha.keyserver.ws:11370 changed from []
to [ADDR_INET [64.70.19.33]:11370]
2011-05-25 13:51:41 reconciliation handler error in callback.:
Bdb.DBError(unable to
Hi.
I get several errors which I don't understand:
in db.log:
1) many like these:
2010-10-25 01:50:53 Error fetching key from hash
9BC79BCAF20C03977BAD4986AE5A2EA8: Not_found
2010-10-25 04:51:48 Error fetching key from hash
1602C783D3BBC01EA6882BCC8C087F40: Not_found
2010-10-25 04:51:48 Error
On Wed, 2010-10-13 at 22:25 -0500, John Clizbe wrote:
Yes, Chris. It would, especially after losing Peter's site. It would also be
great if we could expand the number of sites offering keydumps so Marco's site
doesn't have to bear all of the traffic.
Maybe the following would be the best:
On Wed, 2010-10-13 at 21:36 -0400, R P Herrold wrote:
just becaiuse something CAN be done does not mean it should be
done, and here particularly with a fine cache of email
addresses intact for spammers to target (rather than having
to pull them one-off)
I guess you underestimate today's
On Thu, 2010-10-14 at 12:42 -0400, R P Herrold wrote:
Review the bidding. I rather believe you initiated the
uncivil tone, and I have been mild in reply:
Hansen:
herrold:
and [impairing] the privacy of a whole community's members
This is nonsense.
This was not even offensive, but
Hi.
I guess it would make sense to put a list of all sites providing regular
keydumps on the googlecode webiste.
Cheers,
Chris.
smime.p7s
Description: S/MIME cryptographic signature
___
Sks-devel mailing list
Sks-devel@nongnu.org
Hi.
The downtime of keyserver.pki.scientia.net has ended. It's available
under the same IPv4 address as before.
IPv6 is likely to follow end of the year.
Cheers,
Chris.
smime.p7s
Description: S/MIME cryptographic signature
___
Sks-devel mailing list
Hi.
In case any of its peers wonders:
The node hosting the SKS at “keyserver.pki.scientia.net.” is damaged and
will experience a longer downtime.
I'll recreated it on new hardware from scratch and put a note here, once
it's back.
Cheers,
Chris.
smime.p7s
Description: S/MIME cryptographic
a
proof that I'm actually Christoph Anton Mitterer but only that the
owner of that key has access to that email address (which an attacker
can have easily too, via MiM-attacks).
It neither proves you that the owner of that key is really the owner of
that keyserver, also because of easily possible
On Sun, 2010-08-22 at 12:56 -0700, C.J. Adams-Collier KF7BMP wrote:
The necessary root-CAs are available from the International Grid
Trust
Federation (www.igtf.net)
Thank you. I will review their CPS and make a decision regarding
trust at a later time. I am more hesitant to add CAs to
On Sun, 2010-08-22 at 10:49 -0400, Robert J. Hansen wrote:
Yes. I was using keyserver as synonymous for keyserver operator.
Imprecise language, I grant, but that's English for you.
Neverteheless?
Why should a keyserver or keyserver operator be a CA or act in such a
role?
A CA is an entity
On Sun, 2010-08-22 at 14:48 -0700, C.J. Adams-Collier KF7BMP wrote:
It was published on a CD, signed by Philipp Kern pk...@debian.org, a
Debian Developer whose identity was verified in person by another DD:
And you believe that Philipp has met officials for all the CAs included
in the Mozilla
Hi.
On Wed, 2009-09-23 at 17:24 +0400, Rakhmatulin Sergey wrote:
My server key.sodrk.ru:11370, e-mail pkp-...@sodrk.ru.
I'd add you if you still searching for peers.
You can add mine too:
keyserver.pki.scientia.net 11370
btw: The domainname you specified (key.sodrk.ru), differs from what sks
On Thu, 2009-08-13 at 10:39 +0200, Sebastian Wiesinger wrote:
I entered pool.sks-keyservers.net as keyserver address in GnuPG but it
doesn't return any A/ records at the moment.
For me it works ;)
# dig pool.sks-keyservers.net any
; DiG 9.6.1-P1 pool.sks-keyservers.net any
;; global
Hi.
Are we going to see a new sks release in the near future? With all the
recent patches (IP6, DNS, this one, etc.)?
Perhaps including a end-user targeted guide how to recover from bugs
like this one (dump-restore-etc-procedure)?
Best wishes,
Chris.
smime.p7s
Description: S/MIME
Sorry for writing German.
I didn't want to CC this to the list ;)
Regards,
Chris
smime.p7s
Description: S/MIME cryptographic signature
___
Sks-devel mailing list
Sks-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/sks-devel
On Mon, 2009-03-09 at 09:52 -0400, David Shaw wrote:
We may end up with hkps on port 11372 just for lack of support for
doing anything else.
One should not use port numbers from the registered port numbers
area,... if it's not actually registered or even used by something else.
Chris.
Hi.
Thanks for all your information.
In took a little bit longer (I exchanged the hardware of my server, and
used the non-fast-DB-build ;) )... but now it's up and working, at least in
its initial configuration (without fancy website etc.).
Anyway I'd still like to have many more gossip
Hi.
Thanks for all your information.
In took a little bit longer (I exchanged the hardware of my server, and
used the non-fast-DB-build ;) )... but now it's up and working, at least in
its initial configuration (without fancy website etc.).
Anyway I'd still like to have many more gossip
Hi.
Thanks for all your information.
In took a little bit longer (I exchanged the hardware of my server, and
used the non-fast-DB-build ;) )... but now it's up and working, at least in
its initial configuration (without fancy website etc.).
Anyway I'd still like to have many more gossip
;)
Best wishes,
--
Christoph Anton Mitterer
Ludwig-Maximilians-Universität München
christoph.anton.mitte...@physik.uni-muenchen.de
m...@christoph.anton.mitterer.name
smime.p7s
Description: S/MIME cryptographic signature
___
Sks-devel mailing list
Sks
51 matches
Mail list logo