Re: The state of peer connectivity

Which reminds me: ‘cause of various operational issues and the time it needed to attend to them lately, the following servers have been stopped and aren’t operational anymore: sks2.cryptokeys. co.za sks1.cryptokeys.org.za

[Sks-devel] ProxMox/Debian 10.1 gnupg2 notice:

Thought it would be interesting to know this state: apt-listchanges: News - gnupg2 (2.2.12-1+deb10u1) buster; urgency=medium In this version we adopt GnuPG's upstream approach of making keyserver access default to self-sigs-only. This defends against receiving

Re: [Sks-devel] The pool is shrinking

> On 16 Aug 2019, at 23:29 , Stefan Claas wrote: > > Hendrik Visage wrote: > >> SKS network contains *PUBLIC* keys. It’s purpose, is to PUBLICLY make your >> communications, signed/etc. with the associated *private* key, by directed to >> you and associated with

Re: [Sks-devel] The pool is shrinking

> On 16 Aug 2019, at 22:45 , Stefan Claas wrote: > > O.k. I understand your point, but what I like to say is that I or anybody > else can download a dump without running a key server. While running a > key server requires a dump, it would be really nice if dumps are only > available to a

Re: [Sks-devel] The pool is shrinking

> On 16 Aug 2019, at 18:01 , Andrew Gallagher wrote: > > Signed PGP part > On 16/08/2019 16:13, Stefan Claas wrote: >> It should tell users that SKS operators share no dumps with 3rd >> parties for key analysis, i.e. social graph research etc. Those >> who publish a warrant canary can stay in

[Sks-devel] Exploiting GDPR (Re: The pool is shrinking)

e whole world? If that is the case then EU citizens > having 'business' with the US can do the same with US citizens data. > > Well, just my thoughts. > > Regards > Stefan > > -- > box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56 > GPG: C93E252DFB3B4DB7EAEB846AD8D464B35E12AB7

Re: [Sks-devel] The pool is shrinking

of global revenue or €20 million, depending on the severity and circumstances We recommend So far, the EU’s reach has not been tested, can help avoid drawing scrutiny from EU regulatory authorities --- Hendrik Visage signature.asc Description: Message s

Re: [Sks-devel] The pool is shrinking

gt; In mid and longer term the penalty fees will be harmonized. Today every >>>>>> country has its own penalty fees and penalty practice. >>>>>> >>>>>> There is no more exceptions anymore such as it is technically impossible >>>>

Re: [Sks-devel] The pool is shrinking

rifisk > > Public OpenPGP keyblock at hkp://pool.sks-keyservers.net > fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 > > Corruptissima re publica plurimæ leges > The greater the degeneration of the republic, the more

Re: [Sks-devel] Key updates not propagating

ossip efficiently with peers, but that > weakly connected keyservers can remain in the pool regardless. > > A > > ___ > Sks-devel mailing list > Sks-devel@nongnu.org > https://lists.nongnu.org/mailman/listinfo/sks-devel ---

Re: [Sks-devel] Blacklisting on UID?

Cheers, > > -- > > Thorsten Bro > - Member of openSUSE Heroes - > > ___ > Sks-devel mailing list > Sks-devel@nongnu.org > https://lists.nongnu.org/mailman/listinfo/sks-devel --- Hendrik Visage HeViS.Co Systems Pty Ltd

[Sks-devel] 32bit UID spam/flood attack ?

https://www.hactrn.net/blog/2018/06/11/32-bit-pgp-keyid-delenda-est/ <https://www.hactrn.net/blog/2018/06/11/32-bit-pgp-keyid-delenda-est/> Anybody else seen/aware of this on the SKS servers? --- Hendrik Visage HeViS.Co Systems Pty Ltd T/A Envisage Systems / Envisage Cloud Solutions +27-

Re: [Sks-devel] heads-up: another attack tool, using SKS as FS

gt; dumps, very few uids are miscategorized. > > It may be hard to do with 100% accuracy, but it's unsurprisingly easy do well > enough. The words “machine learning” comes to mind… wonder if somebody with Amazon/Google/Azure contacts might be able to reach out and ask for sponsorship

Re: [Sks-devel] heads-up: another attack tool, using SKS as FS

> See also "web of trust" and "strong set". > Addresses should/can be checked by humans worldwide who sign/certify the key. I’ve been trying to get mine “signed” by Web-Of-Trust for years now… also not that “easy” ;( --- Hendrik Visage HeViS.Co Systems Pty Ltd T/A Envisage System

Re: [Sks-devel] Deployment question about non-public server with oneway feed

ys via the recon/whisper partners (Else every one will sent out emails with each and every sync, ie. >100mails/days…) I think the (wish list) option to have a 1-way sync setting, ie. Any and all keys you receive, you forward in that direction, no matter whether that server have the key or not,

Re: [Sks-devel] keyserver1.computer42.org is dropping peers [but not keyserver2.computer42.org]

11370 # Stefan Tomanek 0xAC2C9AAB > # key1.dock23.de 11370 # Ramón Goeden > 0xb7c51fd6 > > > If you're sure that your server is stable and not affected by the malicious > key problem contact me for activating the peering again. > > Best R

Re: [Sks-devel] One Way replication (for test environments)

eeeds from the public servers, but no egress to the public side. Might be good for others to test there “test certs/keys” against before actual publication?? --- Hendrik Visage signature.asc Description: Message signed with OpenPGP ___ Sks-devel m

[Sks-devel] One Way replication (for test environments)

I’m considering setting up some test environments for the “researchers” to test the SKS keyservers, but I was wondering about one way replication, ie. one server that will only sent out to the test server(s), but not receive from them. What’s the easiest to set that up? --- Hendrik Visage

Re: [Sks-devel] SKS apocalypse mitigation

via other > means. > Exactly, sent an email, look at an URL with the signed picture… --- Hendrik Visage signature.asc Description: Message signed with OpenPGP ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] TLS 1.3 and HKPS pool

that'd be > exclusion worthy from the pool, but lets do this manually if so. I’ve not seen and TLS1.2 security issues yet (but then I might’ve missed it in the deluge of meltdown/spectre/memcached) so I don’t see the need/reason to disable TLS1.2 --- Hendrik Visage HeViS.Co Systems Pty Ltd T

Re: [Sks-devel] Operational question for all

lving from those names in the membership file, gets ignored. That might be a version 2 feature request: have peers authenticated not based on IP, but pub/private keys --- Hendrik Visage HeViS.Co Systems Pty Ltd T/A Envisage Systems / Envisage Cloud Solutions +27-84-612-5345 or +27-21-945-1

Re: [Sks-devel] seeking peers for pgp.securitytext.org

> On 13 Mar 2018, at 07:54 , Alain Wolf wrote: > > Hello PGP Key Server Administrator > > I don't think this setup will make it into the pool: > > * pgp.securitytext.org points to a Cloudflare IP, which does not answer > to OpenPGP clients on TCP port 11371. Yeah,

[Sks-devel] sks?.inx.net.za peers please

Good day, Looking for peers for the following servers in South Africa: sks1.inx.net.za 11370 # JNB: Hendrik Visage <hvis...@envisage.co.za> 0x9c1384b1168fd423 / Nishal Goburdhan <nis...@inx.net.za> 0x97db45a1fcd1545f sks2.inx.net.za 11370 # CTN: Hendrik Visage <hvis...

Re: [Sks-devel] pool for Africa?

> On 06 Feb. 2018, at 18:53 , Andrew Gallagher <andr...@andrewg.com> wrote: > > On 06/02/18 16:45, Hendrik Visage wrote: >> Good day, >> >> As I’m busy setting up and deploying SKS servers at INX)ZA sites (three >> at present) and some of the other Africa

[Sks-devel] pool for Africa?

Good day, As I’m busy setting up and deploying SKS servers at INX)ZA sites (three at present) and some of the other African peering points, the question arose: how many servers would be needed to make a sensible pool for Africa? --- Hendrik Visage HeViS.Co Systems Pty Ltd T/A Envisage Systems

[Sks-devel] dump-only server (gossip but not public pool availability)

then be a server I could easily take offline and dump keys every so often, not impacting the pool availability etc. Which settings should I use to achieve the above, as it seems the moment I start the server, it starts to broadcast it’s availability to be included in the pool? --- Hendrik Visage

[Sks-devel] Descriptive error meesages

OCAML reference & tutorial guides? (2) Where should I start looking for these errors messages to help enhance them? --- Hendrik Visage HeViS.Co Systems Pty Ltd T/A Envisage Systems / Envisage Cloud Solutions +27-84-612-5345 or +27-21-945-1192 hvis...@envisage.co.za signature.asc Descrip

[Sks-devel] SKS behind NAT firewall

the firewall to the SKS server? Reason I’m asking: I’m not quite clear in understanding the recon settings, and I’d rather ask experience before I chase down the wrong alley. --- Hendrik Visage HeViS.Co Systems Pty Ltd T/A Envisage Systems / Envisage Cloud Solutions +27-84-612-5345 or +27-21-945-1192

Re: [Sks-devel] Debian asks package and default paths

Thanks for the explanation Daniel > On 23 Jan. 2018, at 18:18 , Daniel Kahn Gillmor > wrote: > > On Tue 2018-01-23 10:51:54 +0100, Alain Wolf wrote: >> I would try to change desired filepaths in >> debian/patches/0001-use-debian-fhs.patch > > Hi there-- > > I'm one of

Re: [Sks-devel] Debian asks package and default paths

> On 23 Jan. 2018, at 11:51 , Alain Wolf wrote: >> >> strings does show that /var/log/sks/db.log is in the Debian packaged >> /usr/sbin/sks file. >> > > I would try to change desired filepaths in > debian/patches/0001-use-debian-fhs.patch Okay, that implies

[Sks-devel] Debian asks package and default paths

still get this: Fatal error: exception Sys_error("/sks2/sks/db//var/log/sks/db.log: No such file or directory”) strings does show that /var/log/sks/db.log is in the Debian packaged /usr/sbin/sks file. --- Hendrik Visage HeViS.Co Systems Pty Ltd T/A Envisage Systems / Envisage Cloud Solu