Re: [Sks-devel] Re: problems with SKS 1.0.10 when searching by key ID from GnuPG

2009-03-25 Thread Phil Pennock 
On 2009-03-24 at 14:55 -0700, Phil Pennock wrote:
 On 2009-03-24 at 11:57 -0400, Daniel Kahn Gillmor wrote:
  Are these scripts published? (this is out of curiosity more than
  anything else)
 
 Well, since it's just curiosity, I'll pipe in with something roughly
 equivalent to the IP generation side:
 
   http://sks.spodhuis.org/sks-peers/ip-valid

Several bug-fixes later, and I might as well make this available in a
standard place.

  http://people.spodhuis.org/phil.pennock/software/

The latest version should always be there, with a detached PGP
signature and a ChangeLog.

-Phil


pgpehv553Y2Jn.pgp
Description: PGP signature
___
Sks-devel mailing list
Sks-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/sks-devel

[Sks-devel] Re: problems with SKS 1.0.10 when searching by key ID from GnuPG

2009-03-24 Thread Kristian Fiskerstrand 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Daniel Kahn Gillmor wrote, On 03/23/2009 09:17 PM:
 On 03/23/2009 04:02 PM, David Shaw wrote:
 On Sun, Mar 22, 2009 at 07:41:50PM -0400, Daniel Kahn Gillmor wrote:
 has any thought been
 given to requiring members of the keyserver pools to not run that
 version of SKS?  keys.gnupg.net itself contains several keyservers
 running 1.0.10, which misbehave in response to standard gpg searches by
 keyid.
 None that I know of.  Eventually, such a thing will be necessary, but
 it would have to be done via whoever controls the particular keyserver
 round-robin.
 
 Kristian Fiskerstrand, i believe you're controlling
 pool.sks-keyservers.net -- do you have any plans to reject members
 running known-buggy versions?

It is correct that I run the keyserver pool, but no, I don't have any
current plans for doing so.. mainly because it hasn't been much of an
issue before..

But I'm always open for suggestions. As for now I already have blacklist
on aliases/ips, but there is an RFE to block certain versions?

 Those of you who run keyserver pools: what software do you run to manage
 the DNS?  Does it have the ability to reject by reported version?

Its a set of PHP and bash scripts updating mine at least, and yes, I
would have the ability to block by version.

For now I created subset.pool.sks-keyservers.net which should include
only keys that are reporting version to be 1.1.0 , so please test this out.

- --
- 
Kristian Fiskerstrand
http://www.kfwebs.net
- 
Divide et impera
Divide and govern
- 
http://www.secure-my-email.com
http://www.secure-my-internet.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.10 (GNU/Linux)

iQIcBAEBCAAGBQJJyP6WAAoJEBbgz41rC5UIs/kP/iBx5LQ1Ck17UA03g5qOjccZ
2yCDfVifa3I2ysb8gcUTCIQh8/k4hGTjRzhB/EEbnBtMad8IrhjjYgHIFeXQmBnb
Hj1ojTe5DD8sBRAO5igu6gxJd1iEyOTWOrt6YuRdq3CunoSx4bXrDGEk9KqwSfAq
iC1arHYXFg4YJtSZKk2JeJJAN7biIAwQftDeZALeJ8RqoHVP9+tLx4/lmuGvH3ts
R0bla0/ULuNlcA3St+7kJZGkqfS69yrZd08JC0WL86iWJdOJIMdJ/zIoLXMnHZu6
+6aTpFhdWakLY7S2UDVhWeIK4fiN7XX/d3FGb9UBX8XWck22ijStK82tGYtzUx1P
PvhNG+rPGzLvJ9KWQLLA/AFjyF1lBlq7Q4gAqhbZnT1g+aiswC3yKaq+tzdhus38
MqZ7uC/hLtxsVstnIQhjSwVBh6xEf7Sgi6E6nPmdjs4Yb3gIHiHRjvpLQOEhCnXQ
uUZegarMZYeZifp/MdvFQo+b6cU4cd3qMSV/1ZslibiHFl0qjk6MzhHCesLF96eK
zR/HAbgtFcG7YKio2OMWRrNzRQiJiFyLmnY4x4C2QhJyCY1kRV8XVBRY8D8/nr3+
6+lcGx9cG3D81a2V5yaljty5DpI9V5fDw9npIkQ3hPPlwzJVJUpdXl+BO+exx76T
gGDaAuyUi/vDGdDX0l1K
=evFD
-END PGP SIGNATURE-



___
Sks-devel mailing list
Sks-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/sks-devel