Some updates on keyserver.cns.vt.edu: - Thanks to all who responded to my request for peers. I think I have added everyone who responded.
- I changed both the v4 and v6 addresses today. I left both the old and new addresses bound for several hours more than the DNS TTL and then removed the old addresses. If you have some firewall rules or something that are configured by address, they need to be updated. Let me know if so and I won't assume DNS will take care of everything the next time. Tcpdump didn't show any traffic on the old addresses. - I'm using stunnel to provide SSL on both ports 11372 and 443. Right now I'm using a CAcert certificate. I plan to change 443 to a cert that is in the trust store of most browsers. The question is what to do with 11372. I'm guessing most people who use hkps probably have the CAcert root configured as their trusted CA in gnupg. Am I better off with a cert in most default trust stores, or am I better off with CAcert? - I tried to add use_port_80: (no arguments) to sksconf, but the server won't start and complains that an address is in use. Port 80 does not appear to be in use for either the v4 or v6 address of the key server. The host itself has a bunch of v4 and v6 addresses with port 80 in use though. Are there any known issues with use_port_80? Does it use the same address list as specified to hkp_address? Thanks, Phil _______________________________________________ Sks-devel mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/sks-devel
