Re: [Sks-devel] sks-keyservers.net: New inclusion criteria for pool
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1,SHA256 Kristian Fiskerstrand wrote: > Dear all, > > The primary advantage of this change, is of course that the pool isn't > dependent on a single keyserver anymore to function. Also, it should > handle larger key jiffers e.g. in events of a keyserver starting to > synchronize again and contributing larger number of keys than average. > > Comments are, as usual, appreciated. sks@yogi:/var/sks$ crontab -l ... # SKS stats on the hour 0 * * * * pkill -USR2 sks || exit 1 ... sks@yogi:/var/sks$ It's in SKS as of 1.1.2. Takes a few seconds on an Athlon XP 2800+ (2.1GHz) - -John - -- John P. Clizbe Inet: John (a) Gingerbear DAWT net John (@) Enigmail DAWT netor: John (@) Keyservers DAWT net FSF Assoc #995 / FSFE Fellow #1797 hkp://keyserver.gingerbear.net or mailto:pgp-public-k...@gingerbear.net?subject=HELP Cowboy Haiku -- Reflections on Rodeo So many Cowboys/Round Wrangler butts drive me nuts/Never enough rope -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12-git-509fe4ce-2012-01-31 (Windows XP) Comment: When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl! Comment: Be part of the £7 ECHELON -- Use Strong Encryption. Comment: It's YOUR right - for the time being. Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPg3VxAAoJECMTMVxDW9A09xMH/3AbknjdTyYXSVeWKjWVgERm GBcmC9823Utkkf0up64fn78QtOHs7OlmfGiN9XHmu3oGU26KVXsujHy1P9XiaTtL yabhDfoY380dflmM94K1I/FU93cO67qA3eqIyNBU0QbgFh362kZTW6adQzDgqZCP cqx3SYFhtOiiLQqsmOKFfYgRAvjHcD9xKZTsY+4N8+Of9hRUoF/70e1T5xzF4En8 ww86lfkGhyXbbAac+B4kGXAaU2Q1Ogte5YK6VS4i/5CpTEtsMkO8xnsLWa9MAnDT 8lzuvyT91cOKrH6rqoCkM6ZAM7OVYN82tlqS/lkjeiKXOOeD/pta1A2KsF/2Lr+I XgQBEQgABgUCT4N1cQAKCRDrXhnz1laYJWtGAP4xcwhOFWLuR1R4ZbgMIovGl3/J Lbp7NGZ18YtxleXzIQEAhuz0kQZLrBgHdmXtl6F/2vIrEZVK7fk1UxfPa0ZC/wI= =+3K8 -END PGP SIGNATURE- ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Fwd: Unauthorized server connections
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06.04.2012 05:23, John Clizbe wrote: > Anyone else seeing this? On a somewhat related note, a rather interesting configuration is found on http://88.191.144.226:11371/pks/lookup?op=stats that lists pool.sks-keyservers.net 11370 as a peer. - -- - Kristian Fiskerstrand http://www.sumptuouscapital.com Twitter: @krifisk - Corruptissima re publica plurimæ leges The greater the degeneration of the republic, the more of its laws - This email was digitally signed using the OpenPGP standard. If you want to read more about this The book: Sending Emails - The Safe Way: An introduction to OpenPGP security is now available in both Amazon Kindle and Paperback format at http://www.amazon.com/dp/B006RSG1S4/ - Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/ -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJPg0kZAAoJEBbgz41rC5UIwvoQAINhdbXkDcp8FvKgwzDgHGE5 vviakSKGI7lbQvlREOds/3z71kHVq+qKlz0MZaLZO3bbMGcwpc+/uFl6ItRtnj9l qyff/kvmPizaOoPsvv/9Ir0qo0/6kHwC/V7L8SfGzKAsJQi1Ek5paqR7lLvpUEGI Ly6/VerZbFo2ZHLCBLHkfwazQzO8uc27AYo2sTYO1mRhV/Bo2zaHyZQ9rMbeOUfb E+JYMiVMmioVKXBrcyCktLoRA1Mq8g4VAjuXIr2patZheiZrdXUahQnXilJ9eVh4 +Wo+sBvNAXNB19l1kyPVvtRyNKBwsI1on+qdkPAayconWlq/Ita6kLmQZgQCcB4I 3zhvYCZxhqdo+bfBmax0xZvkPU1cwyvcmNADsPROA3sl80G0mFm5Uj5xclgXnmVi NapQiHjE9wHoUfD2w5pDUAhnQg8lQ04z9tQGy57GuzoRV+N0nft3c/Z8In9GjVbl 8TbW9B2UXm2wYN8jjo0uP5eZeo4LVXwD+QEu5CSAYjdr16RCogN2Aif9ENmTl5Cv KqRRJqf1mAfLzux4FZHWMAHUllc0WdV4VeKWcLQbu8NdaMttQK8kNpF9L6jSpqiQ 9VwxeFfYu5b0Y/R7Ewh7MbgkoqUy/V04JCFGyaDUrkshV8FtuVjzhfygYnbxtWyr +fIY122yLJ8jNfzOqAuk =wjFJ -END PGP SIGNATURE- ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] peering broken for keyservers using reverse-proxies?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 05.04.2012 02:02, Ryan wrote: > I had problems reverse proxying 11371 behind a load balancer; would > break other sks servers fetching keys. > > What I ended up doing was configure SKS to use 21371 on external > interface and the proxy on 11371; other SKS servers started > fetching keys off 21371 and bypassing the proxy yet clients always > hit the proxy. > > I think the issue was fixed in latest SKS but alot of servers are > not running it yet so this is my work-arround. Ditto for me, although on port 11372. This is, however, firewall restricted to IPs of my peers. - -- - Kristian Fiskerstrand http://www.sumptuouscapital.com Twitter: @krifisk - Corruptissima re publica plurimæ leges The greater the degeneration of the republic, the more of its laws - This email was digitally signed using the OpenPGP standard. If you want to read more about this The book: Sending Emails - The Safe Way: An introduction to OpenPGP security is now available in both Amazon Kindle and Paperback format at http://www.amazon.com/dp/B006RSG1S4/ - Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/ -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJPg0efAAoJEBbgz41rC5UIpUIQALZdR2YUvBKWYXXBLgbaaxPg noTH13kXkP6Siv8/loAl5n0+C7+Q7ea9SoyRw9sMnYcTvH+uReiQb3iTk9BdLATL eUDXii8UtDLnsa0+ospaXrXi9ONMRgw16WqHseu4Zdoy18FmniTA2uqGxDMW8mSR 2p2cgh14tYCuJoFie9+rVSiaOZQj9V2jzZW+jiGyae8fLzI8dfNWcWT8smaJ5Eq+ c2xpVVRG2Nr5KmNREyv92IFav8mFeRcx3EPxr8roX71PCe93gkn/J7fSjZqOmrJG DgJYucMdPPb3tQegRHaju7rnBysm2jJ6eqvGzMFtNIL7e1GSJWEghIQScEzA/dZ+ 631j0vyEtl96Rfjks0I3Yioir8hq+F6YM+HbU0O+BwuWCbCauPvf4rnNPDl0tniQ lpCGOS2sdQT17vDwGsqfrum3d4rnwUaYlzV6L3K30doBA/I8fgd3kFs9zIsYJ+iV 6HeYCObYC8mxmPt0NhD+T9PtzFfIlKwKHrT+6l5zgWOJc6dC7oE8ifCdfwyc3Q1Q 8uRm9XVez3g08/BZCQxKTtKg7tMjhtVakhYbiksCS6LiqQ7RHwR4Zfa0jplJzmQe gyXjVAvPUBJI7Rx/3wexxquhT5TryuP6td8FVculBdEDoqcOfyfegJ1YXI1NNqHv S+V+u67CwQMv2WmwtUOW =KQ21 -END PGP SIGNATURE- ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
[Sks-devel] sks-keyservers.net: New inclusion criteria for pool
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dear all, As previously discussed on this list, and listed as issue 5 in the tracker[0], a more dynamic approach to inclusion in the server pool is favorable to the current approach of difference to a reference keyserver (currently keys.kfwebs.net). I've finally gotten around to playing a bit with this, and today committed a change as revision r86[1]. The process, as it stands now is as follows. Pass 1: Calculate the mean and standard deviation of all servers found to be online on HKP and have more keys than 3 million (sks is add-only, and we know this point is passed). This results in : Numkey set to3064847.4236372 based on mean - 0.5 * 10048.894104989 Pass 2: Exclude all servers that have less keys than 1 stddev away as calculated in pass 1, calculate new mean and stddev and then exclude all servers with less keys than 0.5 stddev away from mean. This results in Numkey set to3070944.3992914 based on mean - 0.5 * 1453.4176334218 I've added some more information to the status page[2], which currently reads (note, lower bound has a slight discrepancy to the numkey of pass 2 due to different run between debug and production): Lower bound of keys:3070937 Mean: 3071671 Max difference: 733 The primary advantage of this change, is of course that the pool isn't dependent on a single keyserver anymore to function. Also, it should handle larger key jiffers e.g. in events of a keyserver starting to synchronize again and contributing larger number of keys than average. Comments are, as usual, appreciated. [0] http://code.google.com/p/sks-keyservers-pool/issues/detail?id=5 [1] http://code.google.com/p/sks-keyservers-pool/source/detail?r=86 [2] http://sks-keyservers.net/status/ - -- - Kristian Fiskerstrand http://www.sumptuouscapital.com Twitter: @krifisk - Corruptissima re publica plurimæ leges The greater the degeneration of the republic, the more of its laws - This email was digitally signed using the OpenPGP standard. If you want to read more about this The book: Sending Emails - The Safe Way: An introduction to OpenPGP security is now available in both Amazon Kindle and Paperback format at http://www.amazon.com/dp/B006RSG1S4/ - Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/ -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJPgyVLAAoJEBbgz41rC5UI3lYP/3hvzTk5jcD5LxA69+iCcnCK UCoj1DE1ZWCEH0irnVsbHkMrilsDlqjKobFXvd9lShKawpuFKr1BviKmvK/aBFz1 1q6zzCK1uOFbre7r45+99HNeBOFNxdZcoTnb0pgXdeTFAx7IV0LBLOfJOXeULY2I Ea63+/l/BdXXa/EF++imEBAdLrPLgoifolVIjHQu41K9MGDGz7bTfi6tAwRyLMIO kfJmVLkGRFsJIbuSMi3s5tZ1ZOa0b73EqVQ6N9qglwI0fSRWgSW0U2UA8g1zaNM6 B1zLa3W58PKjtykfZL0EJGpfWhW4wKTYkxidw/Kdt/CyMshosWISYDIgknelNByB k/YpwBAnsXjSlWVQW1G7tkUSiUus0as002dNmGUSlArLknMooL+uYk7k0PSg8RWt M3FGaynV1Ae9QxoErbjum7/UOfyXGbDMgderj/QfO0RDPy9S7pR2uLsAStKh+Md2 9YALtsnIEB4MTINosaIyQCaD+rG7cCbV3E/CdRb/yNMmadxCdjIWto5GwHnLkH9m Md0Vm7eqDj2gYzXuW//nVfz8Qhpe+eEp/IrdOwce/U1sOrLZ3dCXf6v0yRXkzZHB 5WrfAdmWSpxh1miLi/WvaiXvUuNnFtJPdsTmuU/8+oaAZxTysOd95o6OvA1Ih/cN TfGk3BToSyeIFDqKosky =FbqL -END PGP SIGNATURE- ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel