Re: Desperately Seeking Kristian - SKS HKPS certificate renewals
If only there was some way to establish trust (secrecy, authenticity, integrity) relationships in a distributed manner, rather than relying on a small pool of third parties who might suddenly become unavailable... 🤔😂 On Fri, Jun 12, 2020 at 10:39 AM Todd Fleisher wrote: > Thanks for the suggestion, Gabor. He doesn’t appear to have been active > there since last summer, but it can’t hurt to try. > > -T > > > On Jun 11, 2020, at 21:19, Gabor Kiss wrote: > > > > On Thu, 11 Jun 2020, Todd Fleisher wrote: > > > >> Has anyone seen or heard from Kristian in the last month or so? I?ve > reached > > > >> SKS HKPS pool will become defunct. If anyone has other channels by > which to > >> reach Kristian, please use them to reach out and make sure he is OK & > aware > >> of this impending issue. > > > > https://mobile.twitter.com/krifisk > > > > Gabor > > > > -- GDB has a 'break' feature; why doesn't it have 'fix' too?
[Sks-devel] withdrawal of service: sks.boo.tc / sks.bootc.eu
On 13/07/18 18:34, Phil Pennock wrote: > Folks, with immediate effect, I am withdrawing sks.spodhuis.org from > service and it will not be returning in its current form. My server is down today for reasons unrelated to SKS and it has dropped out of the SKS pool as a result. I can't bring my server back for several hours and I will not be bringing SKS back up at all. Given the recent queries around GDPR and the significant technical issues with abuse of the SKS ecosystem, I can't keep on. My server and Internet connection have been run into the ground with the recent abuse issues and I've been uncomfortable with the potential legal implications surrounding GDPR, so it's time to pull out. Once these issues have been ironed out then I will certainly be interested in contributing resources towards a keyserver effort, but I can't help but think that SKS is no longer a viable solution to the problem. Cheers, Chris -- Chris Boot bo...@boo.tc signature.asc Description: OpenPGP digital signature ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Implications of GDPR
My short response to all of that is: "meh".
Less briefly: Technically, I think you're right. The whole keyserver system
doesn't appear to work at all against GDPR. But equally, a _system_ like ours
doesn't seem a very likely target of any regulators. The law was mostly
envisioned to keep *companies* in line - not a disparate collection of
individuals running a service as a hobby. After all, most European countries
already had existing individual privacy laws that the keyservers were
theoretically already in breach of.
I'll personally risk it - but as you note - I'm not a lawyer either. 😉
Regards,
Chris
-Original Message-
From: Sks-devel [mailto:sks-devel-bounces+chris=funderburg...@nongnu.org] On
Behalf Of Moritz Wirth
Sent: 29 April 2018 12:03
To: Fabian A. Santiago ; sks-devel
Subject: Re: [Sks-devel] Implications of GDPR
Hi Fabian,
first of all, I am not a lawyer so you should not rely on my response as it may
be wrong :)
- The GDPR applies to all persons and companies who are located in the EU or
offering goods, services or who monitor the behavior of EU data subjects - this
means that all keyservers are affected regardless where they are physically
located. (https://www.eugdpr.org/gdpr-faqs.html)
- Personal Data includes Names, Photos, social posts, IP-Addresses.. (so it
seems that everything that can be connected to a person is included here).
- The Right to be forgotten: People have the right to get their data deleted if
it is no longer necessary in relation to the purpose they were collected. I
think this means that if someone wants to have their data deleted, you have to
delete it - given the fact above that some keys include personal name or even
photos, you would be required to delete them (even if you are in the USA).
However, I am not sure - the text says "the controller, taking account of
available technology and the cost of implementation, shall take reasonable
steps, including technical measures, to inform controllers which are processing
the personal data that the data subject has requested the erasure by such
controllers of any links to, or copy or replication of, those personal data."
<-- Given the fact that it is not possible to delete data from a keyserver, I
am not sure how this would be handled. (Same applies to for reasons of public
interest in the area of public health in accordance with points (h) and (i) of
Article 9(2) as well as Article 9(3) but I didnt check on that).
(https://gdpr-info.eu/art-17-gdpr/)
- I heard that you must sign (physical) contracts with data processing
companies (this may also include Google and Google Analytics, I am not sure
about Google Fonts etc but since Google gets your IP...) if you share the data
of your user with them (e.g using GA on your site).
("Controller will need to have in place an appropriate contract with any other
Controller that it jointly shares data with if that Controller particularly is
outside the EU."). Should not really matter (except for Google Fonts) - at the
end the use of Tracking services is up to the keyserver admin itself
(https://www.netskope.com/blog/gdpr-data-processing-agreements/)
The first thing I would do is to include a checkbox in the webtemplate that
every person who queries or uploads a key via the webinterface agrees to your
data policy - in the data policy you should explain what happens when a key is
uploaded, that it is distributed to other keyservers, (IPs are collected
whatever you do) and that it is not possible to delete keys once they are
uploaded.
If someone has more information on this or something to correct feel free to do
so :)
Best regards,
Moritz
Am 29.04.18 um 12:24 schrieb Fabian A. Santiago:
> So,
>
> As I understand it, GDPR concerns all EU citizen users of a site, regardless
> of where the site is hosted. How does this affect keyservers? I've seen at
> least one server going offline due to it. Should I be concerned as an
> American keyserver host?
> --
>
> Fabian A. Santiago
>
> OpenPGP:
>
> 0x643082042dc83e6d94b86c405e3daa18a1c22d8f (current key)
> 0x3c3fa072accb7ac5db0f723455502b0eeb9070fc (to be retired / revoked)
>
> ___
> Sks-devel mailing list
> Sks-devel@nongnu.org
> https://lists.nongnu.org/mailman/listinfo/sks-devel
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel
[Sks-devel] sks.boo.tc renaming from sks.bootc.eu
Hi all, Now that the European Commission has decided that us filthy Brexiteers are no longer welcome in the .eu TLD[1], it looks like I'm going to have to move out. Better to do this on my own terms than being pushed, so I'm going to rename my server in the next few minutes. 1. https://eurid.eu/en/news/ec-releases-communication-concerning-brexit-and-the-eu-tld/ I'll keep the CNAME for the old name around for the foreseeable future so it should continue to work until I lose my bootc.eu domain. Turks and Caicos to the rescue! ACTION: People who peer with me, please update your membership line to: sks.boo.tc 11370 # Chris Boot 0xF5C83C05D9CE While I have got people's attention, and while you have mine, I am also accepting new peers: please drop me your details if you are interested. Thanks, Chris -- Chris Boot bo...@boo.tc signature.asc Description: OpenPGP digital signature ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
[Sks-devel] Seeking peers for keyserver.cloudcauldron.io
Hello, I am looking for peers for a new SKS keyserver installation. I am running SKS version 1.1.6, on http://keyserver.cloudcauldron.io. This is a private machine, and it's physically located in The Netherlands (EU). The machine has IPv6 connectivity. I have loaded a keydump from https://pgp.key-server.io/sks-dump/, dated 2018-02-12. I see 4,825,938 keys loaded. For operational issues, please contact me directly. keyserver.cloudcauldron.io 11370 # Christopher Funderburg 0xF21F35DB39C2C7D93C9B534C43AD361BAF83FB7D Thank you, -- Chris Funderburg signature.asc Description: OpenPGP digital signature ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] dump-only server (gossip but not public pool availability)
you can spin up a second instance on the same host, perhaps bound to 127.0.0.1:21370 and 127.0.0.1:21371. Have your public instance also peer with the localhost-only instance, and the locallhost-only instance peer only with your public instance. Then you can start and stop the localhost-only instance to dump it. On Sun, Feb 4, 2018 at 4:26 PM, Hendrik Visage wrote: > Good day, > > As I can’t dump the SKS database while running, and the file snapshot > setup not quite feasible for my setup(s) yet, I was wondering about a > gossiping only server (and only gossiping to a limited set servers close > peers) that isn’t connected/advertised to the SKS pool. > This would then be a server I could easily take offline and dump keys > every so often, not impacting the pool availability etc. > > Which settings should I use to achieve the above, as it seems the moment I > start the server, it starts to broadcast it’s availability to be included > in the pool? > > --- > Hendrik Visage > HeViS.Co Systems Pty Ltd > T/A Envisage Systems / Envisage Cloud Solutions > +27-84-612-5345 <+27%2084%20612%205345> or +27-21-945-1192 > <+27%2021%20945%201192> > hvis...@envisage.co.za > > > > > ___ > Sks-devel mailing list > Sks-devel@nongnu.org > https://lists.nongnu.org/mailman/listinfo/sks-devel > > -- GDB has a 'break' feature; why doesn't it have 'fix' too? ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] New Key Server - keyserver.arihanc.com looking for peers
On 30/11/17 22:54, Arihan C wrote: > Hi all, > > First please disregard any other email, i had issues with my mail server > so have reverted to gmail and a new PGP key. Gmail has unfortunately mangled your mail so it doesn't validate for me. HTH, Chris -- Chris Boot bo...@boo.tc signature.asc Description: OpenPGP digital signature ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] New Extra Members for my Keyserver
Hi Mike, Sorry to be a pest but would you mind sending those details in a signed email, and also include your GPG key details? Thanks, Chris On 17/07/17 14:22, Mike O'Connor wrote: > Sorry forgot to mention my host details > keyserver.oeg.com.au and the standard sync port 11370 ? > > Cheers > Mike > > On 17/07/2017 10:47 PM, Mike O'Connor wrote: >> Hi All >> >> It seems like my keyserver is -11K behind, my current members are mostly >> offline. >> >> I need a couple more well connected hosts, its my understanding that I'm >> one of the few in the AU/NZ area so I need to keep it in a good state. >> >> I'll be travelling over the next few weeks so I maybe a little low in >> replying and adding. >> >> Thanks >> Mike >> >> >> ___ >> Sks-devel mailing list >> Sks-devel@nongnu.org >> https://lists.nongnu.org/mailman/listinfo/sks-devel > > > > > ___ > Sks-devel mailing list > Sks-devel@nongnu.org > https://lists.nongnu.org/mailman/listinfo/sks-devel > -- Chris Boot bo...@bootc.net signature.asc Description: OpenPGP digital signature ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
[Sks-devel] [downtime] sks.bootc.eu, for a few days
Hi all, I’m moving house, and as my SKS server is one of the few externally-visible services I don’t run from my colo servers, it’s going to go dark from tomorrow morning (BST) until my new broadband connection is sorted out. Hopefully that will be a little later this week, but given BT are involved all bets are off. Clearly I need to relocate SKS to my colo. /me adds another TODO entry. HTH, Chris -- Chris Boot bo...@bootc.net ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] peer request for pgp.uplinklabs.net
GnuPG 2.1 is not available on Debian stable (jessie) at all at the moment. And no, 3rd party repos are not the answer for this, particularly not for sensitive crypto software. On 31/08/16 09:50, Hillebrand van de Groep wrote: > apt-get upgrade or the alternative on your distro helps ;) > > On August 31, 2016 10:29:48 AM GMT+02:00, Chris Boot > wrote: > > On 31/08/16 06:12, Steven Noonan wrote: > > Resending this message with a key that isn't revoked. Doh! > > > Except now, because it's an ECC key, nobody can verify your mail unless > they're running GPG 2.1... :-) > > Cheers, > Chris > > > -- > Sent from my Android device with K-9 Mail. Please excuse my brevity. -- Chris Boot bo...@bootc.net ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] peer request for pgp.uplinklabs.net
On 31/08/16 06:12, Steven Noonan wrote: > Resending this message with a key that isn't revoked. Doh! Except now, because it's an ECC key, nobody can verify your mail unless they're running GPG 2.1... :-) Cheers, Chris -- Chris Boot bo...@bootc.net signature.asc Description: OpenPGP digital signature ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Peer request
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 At Mon, 29 Aug 2016 15:38:02 -0700, elsif wrote: > > [1 ] > [1.1 ] > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Hello, > > I am looking for peers for a new SKS keyserver installation. ok! > > Hostname: keyserver.shadowserver.org >Version: 1.1.5 > Keys: 4412126 > > > I imported the current keydump from http://pgp.key-server.io/dump/current/. > > Thanks > > keyserver.shadowserver.org 11370 # elsif 0x93A10DF4 I added you to my membership file, here's my info as well: sks.rarc.net 11370 # morr...@ops-netman.net 0xA843B36B - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 iD8DBQFXxaoxr6swUqhDs2sRAl/dAJ9At66EMMgLOSmT+lMlTW16L71SbACeLROP bdmQLkWPCRttbiV6aIg7Y2E= =A4mD -END PGP SIGNATURE- ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] couple questions
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 At Thu, 09 Jun 2016 10:53:47 -0400, Fabian Santiago wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > ok, > > with square brackets fails the service hard. [] are shell specials, so quotes are probably required in an option. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 iEYEARECAAYFAldZibUACgkQr6swUqhDs2u7MwCghJJGASiocG+ydFQX8Qieywbk kIUAnioaTZm8NR/ZyCIVu5XZOgjk8g2f =Qunc -END PGP SIGNATURE- ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Oh, Jeeez...!
At Wed, 25 May 2016 00:04:05 +0200, Arnold wrote: > > On 24-05-16 18:17, Tobias Frei wrote: > > Adding proof of work can only prevent an attack that depends on a huge > > number of > > useless keys. > > Setting a maximum upload size can help and is easy to implement locally. > Further, > it is possible to limit the rate at which a single IP (or IPv6/64) can upload > new > or updated keys. A determined attacker can already simply increment their IID on a v6 capable interface through a /64... so I'm not sure limits/ip are helpful. A coordinated botnet of ~200k (not unheard of) ipv4 connected endpoints could also busily upload to local keyservers 1 key per second. -chris ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] seeking peers for sks.rarc.net
At Fri, 20 May 2016 13:55:56 +0200 (CEST), Gabor Kiss wrote: > > > Howdy, > > I am looking for peers for a new SKS keyserver installation. > > > > I am running SKS version 1.1.3, on sks.rarc.net. I support a local > > Dear Chris, > > Please check these pages: > > https://sks.rarc.net/pks/lookup?op=stats > (i.e. no change since 6th of May) > https://sks-keyservers.net/status/ks-status.php?server=sks.rarc.net > > I guess you have a quite rigid firewall setup. :-) actually apparently the recon process isn't happy starting... so I've been trying to sort that out, while also unclogging my day-job work load ;( I'm hopeful I'll make progress today though :) > > Regards > > Gabor > -- > A mug of beer, please. Shaken, not stirred. ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] seeking peers for sks.rarc.net
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 At Fri, 6 May 2016 14:28:53 +, Mire, John wrote: > > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > Done. > > please add my info to your membership file: > > keyserver.lsuhscshreveport.edu 11370 # John Mire > 0xE3DF4A51500026E6 done, thanks! - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 iD8DBQFXLNr7r6swUqhDs2sRAkVpAJ4vP55+2k/t5VcB36UirfyVW9mm6wCdEZS/ 8EBsJ7xbuZ5VlWnZlLNb4Gc= =uZpp -END PGP SIGNATURE- ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
[Sks-devel] seeking peers for sks.rarc.net
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Howdy, I am looking for peers for a new SKS keyserver installation. I am running SKS version 1.1.3, on sks.rarc.net. I support a local hosting company (AS54054) and some security related functions as well: nsp security operations security trust - https://openid.ops-trust.net/about both of which are users of the gpgs, so having a 'local' resource for key management/search/import/export is helpful and removes some load from public server sets. The server is physically located in Asburn, VA (US). The machine has IPv4 and IPv6(native) connectivity. I have loaded a keydump from http://keyserver.borgnet.us/dump/, dated 2016-05-02. I see 4,265,056 keys loaded. For operational issues, please contact me directly. sks.rarc.net 11370 # Chris Morrow 0xA579BB14 Thank you, - -chris morrow -BEGIN PGP SIGNATURE- Version: GnuPG v1 iD8DBQFXK2lIr6swUqhDs2sRAtX/AJ482Vwzd8EFzQcXMxalMaP2rTiFtACfe0wy uqDlZ946qXpjSPTHjrHxei8= =r7MS -END PGP SIGNATURE- ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
[Sks-devel] seeking peers for sks.rarc.net
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Howdy, I am looking for peers for a new SKS keyserver installation. I am running SKS version 1.1.3, on sks.rarc.net. I support a local hosting company (AS54054) and some security related functions as well: nsp security operations security trust - https://openid.ops-trust.net/about both of which are users of the gpgs, so having a 'local' resource for key management/search/import/export is helpful and removes some load from public server sets. The server is physically located in Asburn, VA (US). The machine has IPv4 and IPv6(native) connectivity. I have loaded a keydump from http://keyserver.borgnet.us/dump/, dated 2016-05-02. I see 4,265,056 keys loaded. For operational issues, please contact me directly. sks.rarc.net 11370 # Chris Morrow 0xA843B36B Thank you, - - -chris morrow -BEGIN PGP SIGNATURE- Version: GnuPG v1 iD8DBQFXK2lyr6swUqhDs2sRAiStAJ4kqbIIcuomjM+aVLDG5qDHTixmPACffHAq /l0WyfptqGGbiS0HYKD2jC8= =ZzMV -END PGP SIGNATURE- ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Seeking peers for keyserver.opensuse.org
On 08/04/16 09:20, Lars Vogdt wrote: > Am Fri, 8 Apr 2016 09:04:31 +0100 > schrieb Chris Boot : >>> > > So what is the best practice here? I found some sks servers running >>> > > the same web-pages on 11371 and some which do not provide any >>> > > webpage. >> > >> > >> > That's fair enough - I don't use nginx for my keyserver so I can't >> > really comment on those instructions, but it feels to me like a >> > keyserver should present the same interface on port 11371 as it does >> > on port 80. That's not to say that it's broken, and it certainly >> > looks like it will work for the more general use case of GPG fetching >> > keys, it just feels less user friendly. > I with you regarding the user friendliness. So let me see if I should > simply get rid of nginx or find another solution to provide the WebUI > also on Port 11371. :-) Hi Lars, I'm sure you can do it without dropping Nginx; I don't think the web server / reverse proxy has much to do with it. I'd imagine you just need to forward to your internal port 11371 using the same method on port 80 as you do on your external port 11371. The error I'm getting is "Page not found: /srv/sks/web/index.html". I'd say it's SKS itself generating that error, so it can't find its HTML files. Looking at your headers, it seems that your port 11371 server isn't going through Nginx at all, which may be part of the problem - I don't see a 'Via' header as I expected to. What I ended up doing is forcing sks's to listen to localhost only for HKP: hkp_address: 127.0.0.1 ::1 Then I have Apache listen on my external IP addresses on port 11371 (not the catch-all 0.0.0.0 or :: address) and proxy requests through. Cheers, Chris -- Chris Boot bo...@bootc.net ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Seeking peers for keyserver.opensuse.org
On 08/04/16 08:06, Lars Vogdt wrote: > Am Wed, 6 Apr 2016 07:46:35 +0100 > schrieb Chris Boot : >> I'd be happy to peer with you, but there doesn't appear to be a home >> page (e.g. with a search box) on your sks installation: >> http://keyserver.opensuse.org:11371/ gives me a 404 error. > > I'm sorry, I just followed > https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Peering > which tells me that the root of the nginx proxy should point to the sks > server behind 11371 and not providing any webside (as I do on port 80). > > So what is the best practice here? I found some sks servers running the > same web-pages on 11371 and some which do not provide any webpage. Hi Lars, That's fair enough - I don't use nginx for my keyserver so I can't really comment on those instructions, but it feels to me like a keyserver should present the same interface on port 11371 as it does on port 80. That's not to say that it's broken, and it certainly looks like it will work for the more general use case of GPG fetching keys, it just feels less user friendly. >> I also have it on good authority that the operators of the >> the.earth.li keyserver (http://the.earth.li/pgp_lookup.html) *really* >> appreciate it if SKS users configure outgoing mailsync to >> pgp-public-k...@the.earth.li. To the extent that one of the operators >> gave me a real telling off about disabling it on my server. So please >> consider enabling this too. > > So I will follow: > https://bitbucket.org/skskeyserver/sks-keyserver/overview > => Outgoing PKS synchronization: mailsync file - correct? > > I will contact Jonathan McDowell and ask him if I can add his server to > the mailsync file. Yes, you only need the outgoing part, and certainly no harm asking Jonathan about it first. The problem, as I understand it, is that SKS servers will only mailsync changes pushed directly to them and not changes gossiped from other SKS peers. That means that servers that rely on mailsync alone will be missing out on a large proportion of changes from the keyserver network. With all that said, I've added you to my membership file. Please add me in return: sks.bootc.eu 11370 # Chris Boot 0xF5C83C05D9CE Cheers, Chris -- Chris Boot bo...@bootc.net signature.asc Description: OpenPGP digital signature ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Seeking peers for keyserver.opensuse.org
On 05/04/16 10:07, Lars Vogdt wrote: > Hi, > > we are looking for peers for a new SKS keyserver installation. > > We are running SKS version 1.1.5, on keyserver.opensuse.org. [...] > For operational issues, you can contact either our ticket system behind > ad...@opensuse.org or me directly. > > keyserver.opensuse.org 11370 # Lars Vogdt > 0xF62B7584 Hi Lars, I'd be happy to peer with you, but there doesn't appear to be a home page (e.g. with a search box) on your sks installation: http://keyserver.opensuse.org:11371/ gives me a 404 error. I also have it on good authority that the operators of the the.earth.li keyserver (http://the.earth.li/pgp_lookup.html) *really* appreciate it if SKS users configure outgoing mailsync to pgp-public-k...@the.earth.li. To the extent that one of the operators gave me a real telling off about disabling it on my server. So please consider enabling this too. Regards, Chris -- Chris Boot bo...@bootc.net signature.asc Description: OpenPGP digital signature ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Downtime: www.mainframe.cx
Finally got around to rebuilding my keyserver. Since I've switched ISPs I decided to switch the hostname to match the "keys." pattern. keys.mainframe.cx 11370 # Chris Kuethe 0x087AA33B Regards, -C On Mon, Aug 17, 2015 at 8:51 PM, Chris Kuethe wrote: > Due to hardware failure my keyserver is offline for the forseeable > future. Feel free to de-peer or just comment out my server - I'll let > you know when/if I get a replacement box. > > -C > > -- > GDB has a 'break' feature; why doesn't it have 'fix' too? -- GDB has a 'break' feature; why doesn't it have 'fix' too? ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] seeking peers for pgpkeys.ch
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2015-09-12 16:01, Julien Sansonnens wrote: > Hi, > > I am looking for peers for a new SKS keyserver installation. > > I am running SKS version 1.1.5, on pgpkeys.ch <http://pgpkeys.ch> > (debian jessie). This is a private server. Web access is available > on http://www.pgpkeys.ch The server is physically located in > Strasbourg, France (EU). The machine has IPv6 connectivity. Hi Julien, Your server is not accessible over port 11371; is that expected? Cheers, Chris - -- Chris Boot bo...@bootc.net -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQJ8BAEBCgBmBQJV9Ek9XxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXREQThBOTBGNTdGRkIxRDY0N0U0MDM0REE0 MTFBNzMzRTY3RDY0RkZFAAoJEEEacz5n1k/+ONkQAJ9Sc+KU5IW9CAZceU9VRXIG ungD0UxFxWTGrAzKPDcapC4YapXf+knU+s/Ni7FbKw7ezgR7w2rI7K2cHWcOOlUz bgRwu9TJE3fKKDCtXuLjqXCt8l5GSPodpuIBp57U/0p4grjL0xcWX6IicMdoHUyx clQMV+JTnqvyzNATwmmsvgl0IhShSmr9aK9NSnmyBrKmtl1YBZHqvjUuRtjhYp4s GqQlyfRTvrPrY3DCfXyvPBbqJZh3WbUTTf3AtEqOpPIkXIksdvnnDLXQpRQSEgE9 bYxy+7GTXcjRwye4t7C59YeC9rbhX4QRXlCA16N/ggbBHXg2ZZUb7p94K0tzznaz QKPeNaXpJ4wP5svB7nYMMFoibKVjpjY7RKJNlYKlwyMnKI2nHpj9vBYHgPtZQWSJ 5qc4UU7sHfBtkCsw8rt8gt5OhjAzvmahYYhsh0ZgvozwFOLB4Dxl0snaY6bZYN0D zDIYps9mOS7pBYLsr07H27EhfN1mTAwq8uzvVgizFmm60/K3DMo61QdtjQYqEt7z uUdqymkzbir7XrOpgshZl8Pocw4/8eZAibPne46TKvIX9bqcYcaBA1XrGXfRK8dQ cnFpnquUky0RMSkThgiwUtbvl/tRZAhECv3CS22x291szFrMJWFwUo4Im74AtS5B QTFNx5BpujnLiUJaTJw4 =dQ/X -END PGP SIGNATURE- ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] sks.bootc.eu down temporarily
On 18/08/2015 19:06, Chris Boot wrote: > Hopefully won't be for long: I hit some PTree corruption and I'm > rebuilding it. It should be up again fairly soon. It's back and fully caught up. HTH, Chris -- Chris Boot bo...@bootc.net signature.asc Description: OpenPGP digital signature ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
[Sks-devel] sks.bootc.eu down temporarily
Hopefully won't be for long: I hit some PTree corruption and I'm
rebuilding it. It should be up again fairly soon.
This seems to be a recurrence of the following:
http://lists.nongnu.org/archive/html/sks-devel/2012-08/msg6.html
The messages I got were:
2015-08-18 16:32:53 Raising Sys.Break -- PTree may be corrupted:
Failure("remove_from_node: attempt to delete non-existant element from
prefix tree")
2015-08-18 16:32:53 callback interrupted by
break.
2015-08-18 16:32:53 DB closed
This is using SKS 1.1.5 on Debian Jessie. This is the first time I've
had to do a PTree rebuild since setting up the server 4 days short of a
year ago.
HTH,
Chris
--
Chris Boot
bo...@bootc.net
signature.asc
Description: OpenPGP digital signature
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel
[Sks-devel] Downtime: www.mainframe.cx
Due to hardware failure my keyserver is offline for the forseeable future. Feel free to de-peer or just comment out my server - I'll let you know when/if I get a replacement box. -C -- GDB has a 'break' feature; why doesn't it have 'fix' too? ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
[Sks-devel] seeking peers for sks.bootc.eu
Hi, I am looking for peers for a new SKS key server installation. I am running SKS version 1.1.5-1 (from Debian), on sks.bootc.eu. This is a private machine located in Devon UK, is connected via a fast bonded VDSL setup, and has IPv6 connectivity. I have loaded a key dump from keyserver.secretresearchfacility.com, dated 2014-08-21. I see 3700039 keys loaded. For operational issues, please contact me directly. sks.bootc.eu 11370 # Chris Boot 0xD9CE Stats are available from: http://sks.bootc.eu:11371/pks/lookup?op=stats Thanks in advance, Chris -- Chris Boot bo...@bootc.net signature.asc Description: OpenPGP digital signature ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
[Sks-devel] pgp.gmu.edu looking for peers
(apologies if this double-posts, I had some issues sending this earlier) Hello all, The student-run computing group at George Mason University has set up an sks server, and we are looking for peers. We are running 1.1.3 from Ubuntu's precise-backports repository, though we plan to upgrade to 1.1.4 once Ubuntu 14.04 works correctly on Xen. It was just set up and is running with a keyserver dump generated in the past few days. Since this is a student group, there will be occasional operator turnover, so if there are problems in the future you should email our keyserver email alias, given below. Our membership line: pgp.gmu.edu 11370 # GMU Student-Run Computing and Technology If there are any initial setup issues which I have not caught, please feel free to email me directly as well. Thanks, Chris Reffett ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
[Sks-devel] pgp.gmu.edu looking for peers
Hello all, The student-run computing group at George Mason University has set up an sks server, and we are looking for peers. We are running 1.1.3 from Ubuntu's precise-backports repository, though we plan to upgrade to 1.1.4 once Ubuntu 14.04 works correctly on Xen. Since this is a student group, there will be occasional operator turnover, so if there are problems in the future you should email our keyserver email alias, given below. Our membership line: pgp.gmu.edu 11370 # GMU Student-Run Computing and Technology If there are any initial setup issues which I have not caught, please feel free to email me directly as well. Thanks, Chris Reffett ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] sks backup
I suggest that you make a tar archive of the sks database directories and extract it later. Shut down sks cleanly, use the db_recover and db_archive tools to check that your databases are all healthy and that there are no stale journal files. Then... tar cf /mnt/my_backup_disk/sks.tar /home/sks & (assuming your backup disk is mounted at /mnt/my_backup_disk and sks is installed in /home/sks.) f your backup disk is slow (~5MB/s) and your cpu is fast, it might be faster to compress the backup. CK On Tue, Mar 3, 2009 at 4:42 AM, gabrix wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Hi! > I have to format my system and i was wondering for the proper way to > back up the sksdb . I wanted to restart the sksd from where it was > stoped before the format. > Thanks. > > Gab > > - -- > Key ID: BC4F9423 > Fingerprint: 36C6 E257 2801 46E7 69A7 Â 8721 F502 1342 BC4F 9423 > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.9 (GNU/Linux) > > iEYEAREKAAYFAkmtF7sACgkQ9QITQrxPlCOC6ACffnIwBkCjroIt927PtdcWFJf4 > 5OEAnR3xZWd0zvC5F9QmoKdRQs/4SeRg > =bhXx > -END PGP SIGNATURE- > > > > ___ > Sks-devel mailing list > Sks-devel@nongnu.org > http://lists.nongnu.org/mailman/listinfo/sks-devel > -- GDB has a 'break' feature; why doesn't it have 'fix' too? ___ Sks-devel mailing list Sks-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] sks server at gabrix.ath.cx 11370
On Sat, Jan 3, 2009 at 9:57 PM, Kiss Gabor (Bitman) wrote: >> it reloads membership at a configurable interval ... see "sks help" > > Sorry Chris, but I do not understand what do you mean: sorry, i meant "--help" -membership_reload_interval maximum interval (in hours) at which membership file is reloaded -- GDB has a 'break' feature; why doesn't it have 'fix' too? ___ Sks-devel mailing list Sks-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] sks server at gabrix.ath.cx 11370
On Sat, Jan 3, 2009 at 9:47 PM, Kiss Gabor (Bitman) wrote: >> > Do you have dynamic IP address? > >> Yes ! > > I wonder if sks can recover gossip partnership > if connection lose and your address changes? > I guess not. > I think it resolves hostnames at startup only. it reloads membership at a configurable interval ... see "sks help" also, gabrix, you need to shut down your sks instance, run "sks cleandb" and restart sks... CK -- GDB has a 'break' feature; why doesn't it have 'fix' too? ___ Sks-devel mailing list Sks-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Linking error in sks-1.1.0
and is that .a file really an archive? is it big enough to be a library? does "file" think it's a library? does "ar t libdb.a" show any objects? i'm thinking it's some libtool stupidity because it looks like you're trying to link against the library in the db build directory, rather than a correctly installed library... On Thu, Dec 11, 2008 at 3:21 PM, Sebastian Wieseler wrote: > Hello. > > On Thu, Dec 11, 2008 at 12:03:22PM -0800, Chris Kuethe wrote: >> you could build db 4.6 and install it into /home/sks. then you have >> the required library, but you don't pollute the base system > > I've done so. > And then run after make dep: > > LIBDB=/home/sks/db-4.7.25/build_unix/libdb.a make all > this said: > bdb/libbdb.a: could not read symbols: Archive has no index; run ranlib to add > one > collect2: ld returned 1 exit status > > And no, running ranlib bdb/libbdb.a doesn't make anything better > > > Thanks for your help! > Regards, >Sebastian Wieseler > > -- > ,= ,-_-. =. /"\ > ((_/)o o(\_)) \ /ASCII Ribbon Campaign > `-'(. .)`-' && X against HTML e-mail > \_/ / \ > > > -- GDB has a 'break' feature; why doesn't it have 'fix' too? ___ Sks-devel mailing list Sks-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Linking error in sks-1.1.0
On Thu, Dec 11, 2008 at 11:26 AM, Sebastian Wieseler wrote: > Ahh. Thanks! > Terrible that db-4.6 isn't yet umasked on Gentoo. :-( you could build db 4.6 and install it into /home/sks. then you have the required library, but you don't pollute the base system -- GDB has a 'break' feature; why doesn't it have 'fix' too? ___ Sks-devel mailing list Sks-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/sks-devel
[Sks-devel] new keyserver looking for peers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hey y'all, I've just set up a new keyserver and wouldn't mind a few more servers to peer with. www.mainframe.cx 11370 CK -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (OpenBSD) iEYEARECAAYFAkkwy8gACgkQSdy1aAh6ozs6NACfcGl7tINBbrSGHL86GmSanghA MOkAnjn92Sdtm6D013+rDc6xyBHqeT+0 =5Yib -END PGP SIGNATURE- -- GDB has a 'break' feature; why doesn't it have 'fix' too? ___ Sks-devel mailing list Sks-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Installing a new SKS server
On Mon, 13 Aug 2007, Ron Peterson wrote: > 2007-08-13_00:20:59-0400 Jack Cummings <[EMAIL PROTECTED]>: > > On Sun, Aug 12, 2007 at 09:05:17PM -0600, Chris Kuethe wrote: > > > > > I assume that was you grabbing my latest keydump - let me know when you've > > > got it loaded and the name of your server, and I'll add you to my peers > > > list. > > > > Monthly keydumps sound like a good use for torrents. > > I like that idea. I don't mind setting one up, but I've got to get > through the end of summer crunch first. It occurs to me that this may not work as well as one might like. Everybody's keydump is going to be slightly different based on what order keys were loaded, last update time, where a given update was injected into the net ... to me that suggest that we'll have 40 servops all downloading a torrent they don't really need. So long as the keydump is within a few thousand keys of the full keyring, I think that's probably sufficient to bootstrap a server. Also, how often do keydumps actually get used? At least for users at other academic institutions, it makes sense to have a dump available via FTP - this may suffer less a the hands of the traffic shapers that are getting so common these days. If others would see value in this, I'm willing to schedule a weekly or monthly dump and leave it open for all interested parties... CK -- Chris Kuethe, GCIA: Secure Systems Specialist - U of A AICT office: 157 General Services Bldg.+1.780.492.8135 [EMAIL PROTECTED] GDB has a 'break' feature; why doesn't it have 'fix' too? ___ Sks-devel mailing list Sks-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Installing a new SKS server
On Sun, 12 Aug 2007, Jack Cummings wrote: > On Sun, Aug 12, 2007 at 09:05:17PM -0600, Chris Kuethe wrote: > > > I assume that was you grabbing my latest keydump - let me know when you've > > got it loaded and the name of your server, and I'll add you to my peers > > list. > > Monthly keydumps sound like a good use for torrents. Yes, though I don't mind leaving a not-too-outdated dump up at ftp://pgp.srv.ualberta.ca/ -- Chris Kuethe, GCIA: Secure Systems Specialist - U of A AICT office: 157 General Services Bldg.+1.780.492.8135 [EMAIL PROTECTED] GDB has a 'break' feature; why doesn't it have 'fix' too? ___ Sks-devel mailing list Sks-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Installing a new SKS server
I assume that was you grabbing my latest keydump - let me know when you've got it loaded and the name of your server, and I'll add you to my peers list. CK On Sun, 12 Aug 2007, Kim Minh Kaplan wrote: > Hello, > > I just installed sks-1.0.10. Before trying to synchronize with others > keyservers, my understanding is that I need to import a dump. But > where do I get this dump from? > > Kim Minh. > -- > http://www.kim-minh.com/ > > > ___ > Sks-devel mailing list > Sks-devel@nongnu.org > http://lists.nongnu.org/mailman/listinfo/sks-devel > -- Chris Kuethe, GCIA: Secure Systems Specialist - U of A AICT office: 157 General Services Bldg.+1.780.492.8135 [EMAIL PROTECTED] GDB has a 'break' feature; why doesn't it have 'fix' too? ___ Sks-devel mailing list Sks-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Re: [pgp-keyserver-folk] Bigbrother at pgp.uni-mainz.de
On Thu, 27 Jul 2006, Olaf Gellert wrote: Monitoring of SKS servers was done already by a script written by Chris K?the. But it seems to be non-functional right now (http://pyxis.cns.ualberta.ca/cgi-bin/sksnet gives "forbidden"). That URL is a bit stale. My keyserver has been given its own box (as opposed to being run on my workstation). The new monitor is at http://pgp.srv.ualberta.ca/cgi-bin/sksnet -- Chris Kuethe, GCIA: Secure Systems Specialist - U of A AICT office: 157 General Services Bldg.+1.780.492.8135 [EMAIL PROTECTED] GDB has a 'break' feature; why doesn't it have 'fix' too?___ Sks-devel mailing list Sks-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/sks-devel
[Sks-devel] Re: keyservers MIA
On Thu, 27 Jul 2006, Peter Palfrader wrote: Hi, while going over my membership file I noticed that a lot of keyservers I added over the time appear to have vanished. If you sync only or mostly against the keyservers below you should probably try to find a few more additional peers. The following keyservers from my membership file appear to be no longer functional (I did not check any servers not in my membership file!): - pgp.cns.ualberta.ca (Connection refused) D'oh. I'm not sure why this machine got rebooted without me being told. As for the latency in doing something about it... that's my overeager procmail filtering. Also, I'd prefer it if people started to refer to it as pgp.srv.ualberta.ca .cns is a leftover cname from when I was running it on my workstation. CK -- Chris Kuethe, GCIA: Secure Systems Specialist - U of A AICT office: 157 General Services Bldg.+1.780.492.8135 [EMAIL PROTECTED] GDB has a 'break' feature; why doesn't it have 'fix' too? ___ Sks-devel mailing list Sks-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] new keyserver
On Thu, 9 Feb 2006, Botka Istvan wrote: Hello! I'm planning to set up a new public keyserver. I have some questions before starting. I downloaded/compiled/installed sks from Savannah. The dump download, and db build is done. What is the resource requirements a keyserver. As I see the db is now ~5.5G. It is not problem up to ~10G permament and ~20G temporary. But I don't know anything about the CPU and bandwith requirements. I have to know some data about before I start the server. over the last 3 weeks, pgp.srv.ualberta.ca has done about 20MB/day === load averages: 0.74, 0.50, 0.26 02:41:12 29 processes: 28 idle, 1 on processor CPU states: 0.2% user, 0.0% nice, 0.9% system, 0.3% interrupt, 98.6% idle Memory: Real: 42M/131M act/tot Free: 873M Swap: 0K/1025M used/tot PID USERNAME PRI NICE SIZE RES STATEWAIT TIMECPU COMMAND 23230 sks20 5836K 31M sleepnetio0:03 0.10% sks 30989 sks20 2048K 2896K sleepnetio0:00 0.00% sks === i'm running on a dell PE1750, i think. 2.6GHz P4, 1GB mem. The server is located at Hungary, connected to the HBONE (National Academic Backbone Network). The site connection will be upgraded to 1 Gbit/s in this year. (But the server only have a FastEthernet interface). What is the administration way the set up the synchron peers? Ask people on the list to add your server to their membership files and when they do, add them to your membership file. --- By(t)e & 73! dx de Boti & (hg4lgn, ex:hg8lgn) A member of HuLUG http://www.cab.u-szeged.hu/local/linux ___ Sks-devel mailing list Sks-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/sks-devel -- Chris Kuethe, GCIA: Secure Systems Specialist - U of A AICT office: 157 General Services Bldg.+1.780.492.8135 [EMAIL PROTECTED] GDB has a 'break' feature; why doesn't it have 'fix' too? ___ Sks-devel mailing list Sks-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Permanent diff with pgp.srv.ualberta.ca
On Fri, 26 Aug 2005, Jason Harris wrote: 2) pgp.srv.ualberta.ca (Chris Kuethe's server) was dumped (Aug 22, around 1900h GMT) and completely reloaded. #2 is doubtful. Google for the hosed hashes and you should find all 19 of them in messages _to this list_ titled "keyserver.noreply.org always 19 keys short" and "v3 keys w/(v4) subkeys still afflicting SKS." Well that's when I shut down sks, dumped and started the reload. Chris needs to shutdown SKS and run: %rm -f KDB/meta %sks cleandb on pgp.srv.ualberta.ca, posting clean.log in case the problem persists. done around 0900 MDT today. the clean log was empty save for "opening log" CK -- Chris Kuethe, GCIA: Secure Systems Specialist - U of A CNS office: 157 General Services Bldg.+1.780.492.8135 [EMAIL PROTECTED] GDB has a 'break' feature; why doesn't it have 'fix' too? ___ Sks-devel mailing list Sks-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Permanent diff with pgp.srv.ualberta.ca
On Fri, 26 Aug 2005, Marco Nenciarini wrote: Acions done: 1) on keyserver.linux.it (my server) rm -f KDB/meta; sks cleandb; sks pbuild -cache 20 -ptree_cache 70 2) pgp.srv.ualberta.ca (Chris Kuethe's server) was dumped (Aug 22, around 1900h GMT) and completely reloaded. ... And I ran sks cleandb after each keyfile I loaded in. Over 220 cleandb invokations. There were no errors from merge or build complaining about unparseable packet sequences. CK -- Chris Kuethe, GCIA: Secure Systems Specialist - U of A CNS office: 157 General Services Bldg.+1.780.492.8135 [EMAIL PROTECTED] GDB has a 'break' feature; why doesn't it have 'fix' too? ___ Sks-devel mailing list Sks-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Re: Permanent diff with pgp.srv.ualberta.ca
On Sun, 21 Aug 2005, Jason Harris wrote: On Sun, Aug 21, 2005 at 09:32:24AM -0600, Chris Kuethe wrote: Not sure what's going on there... Last reconciliation run was less than 10 minutes ago, and my keyserver thinks it has all the keys that you have. # ls -l diff-62.94.26.10_11371.txt -rw-r--r-- 1 sks sks 0 Aug 21 09:08 diff-62.94.26.10_11371.txt What if you remove the diff file? Does sks show the same keys after the next reconciliation attempt? We've had this happen several times before. Check the archives and you should learn that you need to force a "sks cleandb" on your end, Chris. Okie dokie. I just ran cleandb, though I ran it immediately after loading my keys but before bringing the keyserver up. CK -- Chris Kuethe, GCIA: Secure Systems Specialist - U of A CNS office: 157 General Services Bldg.+1.780.492.8135 [EMAIL PROTECTED] GDB has a 'break' feature; why doesn't it have 'fix' too? ___ Sks-devel mailing list [EMAIL PROTECTED] http://lists.nongnu.org/mailman/listinfo/sks-devel
[Sks-devel] Re: Permanent diff with pgp.srv.ualberta.ca
Not sure what's going on there... Last reconciliation run was less than 10 minutes ago, and my keyserver thinks it has all the keys that you have. # ls -l diff-62.94.26.10_11371.txt -rw-r--r-- 1 sks sks 0 Aug 21 09:08 diff-62.94.26.10_11371.txt What if you remove the diff file? Does sks show the same keys after the next reconciliation attempt? CK On Sun, 21 Aug 2005, Marco Nenciarini wrote: Watching my sks.recon.log i see many lines linke the following: 2005-08-21 07:40:18 Recon partner: 2005-08-21 07:40:18 Initiating reconciliation 2005-08-21 07:40:19 Reconciliation complete 2005-08-21 07:40:19 19 hashes recovered from 2005-08-21 07:40:20 Requesting 19 missing keys from , starting with 08AA24E2F387480CB210BDCB873941FB 2005-08-21 07:40:22 19 keys received repeated many and many times. The canonical name of 129.128.98.22 is pgp.srv.ualberta.ca (the administrator is in CC). The content of diff-129.128.98.22_11371.txt is unchanged for about a week and is: 08AA24E2F387480CB210BDCB873941FB 13E37C592A17EA2A345ED114BEA5D281 14D0F46517A209FB45E99D561CF4416C 21CD2A0C412A5E822E9B0CC429B4D5BB 30F5C7DD658BD5168D1DF47B3FA25764 414C5C056C71CACAAF30B2778BDCA966 64959A13B6CC708AF132EDEE1EC52BA6 6BAE0BF0C03265DC2903AA63DD0B38EC 8644C5708FCCBAC8557D377B69A4D00D 8CB12BFECF3A176C187C0313114766E7 8FA7BECE01316DAD8F8A304053D11279 A9FF155F4570A9DD0929A1B454B0A91A ABBE3124E9FC4C03E806BDE571A65835 BF291C42AE681A88EDC2EDAB06A0A3B9 CAE7CBB890F2941B2397DA2838D6C559 D2D924E26902BC4F25DCA201357D49F3 DD220AFE54B50E4B72D3A32CEC9E8E84 E6EDE5ED1B30E10092A140AEDBA89AC2 F77745FECCE6A3C8D0CB717504A7761F Any idea on how to handle this problem? Bye -- - |Marco Nenciarini| Debian/GNU Linux Developer - Plug Member | | [EMAIL PROTECTED] | http://www.prato.linux.it/~mnencia | - Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4 -- Chris Kuethe, GCIA: Secure Systems Specialist - U of A CNS office: 157 General Services Bldg.+1.780.492.8135 [EMAIL PROTECTED] GDB has a 'break' feature; why doesn't it have 'fix' too? ___ Sks-devel mailing list [EMAIL PROTECTED] http://lists.nongnu.org/mailman/listinfo/sks-devel
