Re: [Sks-devel] Launching a new keyserver on keys.openpgp.org!

2019-06-19 Thread Valentin Sundermann
> That doesn't seem likely to work. AIUI the sks recon protocol doesn't just ensure that all members of the network have a copy of every key but that they have the same version of each key. If the recon adapter only deals in stripped keys then the reconciliation could never finally

Re: [Sks-devel] Launching a new keyserver on keys.openpgp.org!

2019-06-18 Thread Valentin Sundermann
> Anyone got some good idea on how to continuously sync certificate updates from the SKS pool?
>
> We imported the sks dump to keys.openpgp.org, specifically the non-identity parts. We did this mostly to ensure that users of keys.openpgp.org will reliably receive revocations that were

Re: [Sks-devel] SKS Statistics

2018-02-03 Thread Valentin Sundermann
Forgot to mention that I developed a TypeScript library for getting statistics: https://github.com/ntzwrk/sks-lib There are some regular expressions you might want to have a look at.

Re: [Sks-devel] SKS Statistics

2018-02-03 Thread Valentin Sundermann
Hey,

> Is there method to get sks server statistics (key count etc..) other than http request? I want to graph statistics using Cacti, so I need get this info quite often.

As far as I know there isn't any way to get machine readable statistics out of an SKS instance other than requesting the

Re: [Sks-devel] Dealing with abusive clients

2017-07-20 Thread Valentin Sundermann
asn't able to find the origin of these requests (they got sorted into a general logfile because of the "missing" Host field). The IP that is querying my server belongs to Amazon's AWS. Requests look the same, every 2 seconds a "GET /". >> There might be a clue in the host

Re: [Sks-devel] Something broken?

2016-11-20 Thread Valentin Sundermann
is greatly appreciated, although I guess I can't find much time for it. Best regards, Valentin Sundermann signature.asc Description: OpenPGP digital signature ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Something broken?

2016-11-17 Thread Valentin Sundermann
helpful anyways. Best regards, Valentin Sundermann [1] https://keys.vsund.de/stats/

Re: [Sks-devel] pool membership

2016-10-03 Thread Valentin Sundermann
> However, my key server, keyserver.brian.minton.name, does not appear in the pool status page. Not even in the "Servers currently not in the pool" section. I thought it would automatically show up. Any thoughts?

Your keyserver is on the exclusion list at Kristian's scanner[1]. I think

Re: [Sks-devel] Making keys unusable with spamming similar uids

2016-09-15 Thread Valentin Sundermann
> as per evil32's demo of 32bit key dupes it's possible to flood these, but it costs cpu, and even so you can search the keyid-format long value
>
> eg;
> 0x1992274E129BAF74

I only thought of same name, email and comment. Searching with the short/long id and the fingerprint would be still

[Sks-devel] Making keys unusable with spamming similar uids

2016-09-14 Thread Valentin Sundermann
Hey sks-devel, when searching for common terms (i.e. "test") on a keyserver, I hit a limit of matches sometimes. Assuming that I'd be a bad person, I should be able to make a chosen key unusable by creating and uploading keys with similar name, email address and so on. If somebody searches for

Re: [Sks-devel] spodhuis keyserver: status update

2016-08-22 Thread Valentin Sundermann
> This is a bug on Kristian's side. > The peering itself works just fine. Kristian's script uses the hostname specified on your stats page[1], which is in your case sks.spodhius.org (see [2]) ;) [1] http://sks.spodhuis.org:11371/pks/lookup?op=stats [2]

Re: [Sks-devel] Problems with outgoing sync

2016-07-21 Thread Valentin Sundermann
Hi,

> Yes, peers connects to http port that is displayed in stats page, so you're describing an invalid configuration above

Ah, didn't know that. Fixed it. My logs look better now but there are some connection errors (see [1]). Furthermore I found some peaks in my logs when filtering out the

Re: [Sks-devel] Problems with outgoing sync

2016-07-21 Thread Valentin Sundermann
Hi,

> I can't do any debugging since port 21371 (as reported as http port in stats page) is refused, I expect this is opened on a per-peer basis?

I use 21371 only internal as port (allowed for 127.0.0.1) and have nginx as reverse proxy set up at port 11371 (allowed for all connections). Try

[Sks-devel] (no subject)

2016-07-21 Thread Valentin Sundermann
Hi, my keyserver[1] seems to have problems with syncing new keys out to other servers. A user notified me about it some time ago and I tested it myself afterwards but I could not reproduce it. Yesterday I updated my key and synced it to my server[2] but my peers (i.e. [3]) don't show the update.

Re: [Sks-devel] Pools & HSTS header

2016-05-30 Thread Valentin Sundermann
Hi,

> I wrote up how I have nginx configured to do HSTS while being in the pool.

Yeah, of course this is possible. But I think the problem is, that there's no hint for keyserver operators that they should have a look at their configs. If just one keyserver sends a HSTS header for a pool domain

[Sks-devel] Pools & HSTS header

2016-05-25 Thread Valentin Sundermann
Hi, I enforce HTTPS on all my domains by sending the HSTS header to my visitors. HSTS forces the browser to use in future only secure connections to this domain. More info on Wikipedia[1] :) Since my keyserver could be added to pools of keyservers without any notice to me, it could be possible

Re: [Sks-devel] Oh, Jeeez...!

2016-05-25 Thread Valentin Sundermann
Hi,

> Can we add a proof of work mechanism to make adding a key to the server more "costly" ?.

There are some blockchain based approaches on how to distribute keys (or managing identity) like Blockstack(.org) with their "blockchain id". Their current model is, that you order a normal name (like

[Sks-devel] Seeking peers for keyserver.vsund.de

2016-05-17 Thread Valentin Sundermann
own):

- *.sks-keyservers.net
- *.pool.sks-keyservers.net
- keys.gnupg.net
- pgp.ipfire.org

Are there any problems with this? (And are there any pools which could add me without notice?)

keyserver.vsund.de 11370 # Valentin Sundermann <m...@vsund.de> 0xA1AADE57842A21A3 - onename.com/vsund
