-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Thank you so much for your quick feedback Alain & Hendrik. Per your
suggestions (and the super helpful guide), I have gone ahead and changed
the following:

  * Upgraded to sks v1.1.6:
https://keyserver.securitytext.org/pks/lookup?op=stats
  * Removed Cloudflare; flattened DNS into keyserver.securitytext.org (with
A/AAAA records):
    * `dig a keyserver.securitytext.org` => 54.177.40.110
    * `dig aaaa keyserver.securitytext.org` =>
2600:1f1c:f79:ab00:e2f2:5d26:bd6d:c13d
  * Made available ports: 80, 443, 11370, 11371, 11372.
  * Added SRV records for _pgpkey-http/_pgpkey-https:
    * `dig srv _pgpkey-http._tcp.keyserver.securitytext.org` => 10 0 11371
keyserver.securitytext.org, 10 0 80 keyserver.securitytext.org
    * `dig srv _pgpkey-https._tcp.keyserver.securitytext.org` => 10 0 11372
keyserver.securitytext.org, 10 0 443 keyserver.securitytext.org

I believe these changes cover all the earlier feedback raised, but if I
missed something please don't hesitate to let me know. The corrected*
membership line should be:

  keyserver.securitytext.org 11370 # securitytext.org <p...@securitytext.org>
0x169508A9

Thanks again for your time.
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEwQo8Hkszv5HFq6iLLv5IZRaVCKkFAlqoE8oACgkQLv5IZRaV
CKkOXg/+Nbu95xn7AyqtgWK9LMJcCK9gg8zgt64UhygWtGb2DxUmgDeS6gk3hCa6
dtCxofN+jyd7HU6OpduM0aDEdzkaHa7De62jGIla/uEaBbf1jN4imP4CvxaJaAwn
Rd+fcl8QFP9DNWeR/k501wDURU5RAsOOGkTA5lK+LjmOa0VGC22Aom4cCicLbL9F
Q4wCGMpvhWDK1yZArchw1GVrgIWwO5kJa8rYG/MRZQuUL21y7gSS0YvjXPYxtWUA
HtXDCrEC6d6+IdKMEn7PBAjK7wlWTIIjnJkAzqsyFp6n/0eOQ9ZbJt1pm7/xiqus
dulh8V6rlj2Zpb5CZB/MR/94CfPW7HCO6I3VH2IHeo9g8VQCmGOxniKAfZh2mCUU
IQgFfPTnyEUWitjQbcKJs/xGHXW/M9Okcs8wyrxk9qQr119A3JgwNFl4rPajqWpT
3JNxTgrTlKppC8sSph/+aU1ypo/kVDbf67d2mk02jY9gnvMNgh+eRZNWsM4VLuzB
WZok5oTECS1Ltjqttol81KOClvsFE69i3GdCKTs5LNNJ9f2jrieXRz7Lk69UWYIO
qK6qikd7LpBGvHmCLSAUZKpMwDpejhpm5LQZ1IjjiHp3NcY3tSPVhIUNRgVx8poZ
pp1fuWgrI+SLmuQqBXDwtwAto+ND2wxLMrpAJYL3aiiNBCPit78=
=JF4a
-----END PGP SIGNATURE-----




On Mon, Mar 12, 2018 at 11:24 PM, Hendrik Visage <hvis...@envisage.co.za>
wrote:

>
>
> On 13 Mar 2018, at 07:54 , Alain Wolf <keymas...@urown.net> wrote:
>
> Hello PGP Key Server Administrator
>
> I don't think this setup will make it into the pool:
>
> * pgp.securitytext.org points to a Cloudflare IP, which does not answer
>   to OpenPGP clients on TCP port 11371.
>
>
> Yeah, that definitely won’t work for SKS
>
> * I can't connect to dualstack.pgp.securitytext.org, neither on TCP
>   port 11370 nor 11371
>
>
> could you connect to the ipv4/ipv6 versions? they are but the separate IPs
> for dualstack.
>
> On 13.03.2018 05:51, PGP Key Server Administrator wrote:
>
> Apologies for the incorrect member entries. Corrected ones below:
>
> ipv4.pgp.securitytext.org <http://ipv4.pgp.securitytext.org> 11370 # PGP
> Key Server Administrator <p...@securitytext.org <
> mailto:p...@securitytext.org <p...@securitytext.org>>> 0x169508A9
> ipv6.pgp.securitytext.org <http://ipv6.pgp.securitytext.org> 11370 # PGP
> Key Server Administrator <p...@securitytext.org <
> mailto:p...@securitytext.org <p...@securitytext.org>>> 0x169508A9
> dualstack.pgp.securitytext.org <http://dualstack.pgp.securitytext.org>
> 11370 # PGP Key Server Administrator <p...@securitytext.org <
> mailto:p...@securitytext.org <p...@securitytext.org>>> 0x169508A9
>
>
> This will end up as three different servers in the SKS pool, even though
> they are the same server? rather just advertise the dualstack, en drop the
> CloudFlare as already pointed out ;)
>
>
>    I am looking for peers for a new SKS keyserver installation.
>
>    I am running SKS version 1.1.5, on pgp.securitytext.org <
> http://pgp.securitytext.org>.
>
>
> This also won’t make it into the pool. I suspect it’s a Debian/Ubuntu
> setup? Get the 1.1.6 software that’s needed to make it into the pool.
>
> See https://roll.urown.net/server/pgp-keyserver.html for guides to setup
> SKS server.
>
>    We are a registry for security.txt files, which utilize OpenPGP keys.
>
>
> Something to Google laterz when Ops issues resided :)
>
>
>
_______________________________________________
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Reply via email to