[Sks-devel] SKS peering?

[Hendrik Visage]

Good day,

 I’m busy with my last rebuild tests, then I’ll refetch a recent key dump, and 
are looking for peers to connect to once I’m done.

I’ll start by deploying 2x servers:

sks1.cryptokeys.org.za - CapeTown, South Africa (Yes, that city nearly without 
water)
IPv4 & IPV6

sks2.cryptokeys.org.za - France
IPv4 & IPv6

Once these are up & running I’ll lobby for a 2nd server in South Africa


---
Hendrik Visage
HeViS.Co Systems Pty Ltd
T/A Envisage Systems / Envisage Cloud Solutions
+27-84-612-5345 or +27-21-945-1192
hvis...@envisage.co.za





signature.asc
Description: Message signed with OpenPGP
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] SKS Peering Request for tyo1.sks.reimu.io

[Matt Rude]

Siyuan,
I have added you to my server, please add my server to your membership file.

keyserver.mattrude.com 11370 # Matt Rude 
0x27143AFFDD23BF73

Thanks
-matt


*Matt Rude*Minneapolis, Minnesota, USA
website: http://mattrude.com
gpg: 0x1EAABDDE 

On Fri, Feb 6, 2015 at 2:34 PM, Aveline Swan  wrote:

> Hi,
>
> I am looking for peers for a new SKS keyserver installation.
>
> I am running SKS version 1.1.5, on tyo1.sks.reimu.io.
>
> The server is physically located in Tokyo, Japan.
> This server has native IPv6 connectivity.
>
> I have loaded a keydump from http://keyserver.mattrude.com/dump/current/,
> dated 2015-02-01.
> And I've also peered with my SKS server in Beijing.
>
> I see 3841406 keys loaded.
>
> For operational issues, please contact me directly.
>
> tyo1.sks.reimu.io 11370 # Siyuan Miao  0x367B7A82
>
> Thank you
>
> --
> Siyuan Miao (Aveline Swan)
>
> ___
> Sks-devel mailing list
> Sks-devel@nongnu.org
> https://lists.nongnu.org/mailman/listinfo/sks-devel
>
>
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

[Sks-devel] SKS Peering Request for tyo1.sks.reimu.io

[Aveline Swan]

Hi,

I am looking for peers for a new SKS keyserver installation.

I am running SKS version 1.1.5, on tyo1.sks.reimu.io.

The server is physically located in Tokyo, Japan.
This server has native IPv6 connectivity.

I have loaded a keydump from http://keyserver.mattrude.com/dump/current/, dated 
2015-02-01.
And I've also peered with my SKS server in Beijing.

I see 3841406 keys loaded.

For operational issues, please contact me directly.

tyo1.sks.reimu.io 11370 # Siyuan Miao  0x367B7A82

Thank you

--
Siyuan Miao (Aveline Swan)


signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

[Sks-devel] SKS Peering Request

[Aveline Swan]

Hi,

I am looking for peers for a new SKS keyserver installation.

I am running SKS version 1.1.4, on pek1.sks.reimu.io.

The server is physically located in Beijing, China.

I have loaded a keydump from http://keyserver.mattrude.com/dump/current/, dated 
2015-02-01.
I see 3837162 keys loaded.

For operational issues, please contact me directly.

pek1.sks.reimu.io 11370 # Siyuan Miao  0x367B7A82

Thank you

--
Siyuan Miao (Aveline Swan)


signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] SKS peering request [pgp.cajuntechie.org]

[Javier Henderson]

> 
> On Aug 14, 2014, at 6:15 PM, Anthony Papillion  
> wrote:
> 
> Hi All,
> 
> I have a new keyserver running and would like to peer with other
> servers. Please add me to your 'membership' file with the following
> entry and provide your details in return so I can do the same:
> 
> pgp.cajuntechie.org 11370 # Anthony Papillion 0x53B04B15

Anthony,

You only have two keys, out of a few million, you will need to populate the 
server with a ~current key dump first.

Check this:

https://bitbucket.org/skskeyserver/sks-keyserver/wiki/KeydumpSources

-jav

smime.p7s
Description: S/MIME cryptographic signature
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

[Sks-devel] SKS peering request [pgp.cajuntechie.org]

[Anthony Papillion]

Hi All,

I have a new keyserver running and would like to peer with other
servers. Please add me to your 'membership' file with the following
entry and provide your details in return so I can do the same:

pgp.cajuntechie.org 11370 # Anthony Papillion 0x53B04B15

Thanks,
Anthony

___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] SKS peering request (pgpkeys.co.uk & pgpkeys.eu)

[Karl Schmitz]

Hi Daniel,

Am 09.03.2014 14:25, schrieb Daniel Austin:
> pgpkeys.co.uk 11370 # Daniel Austin  0x34A3662F837F2C28
>
> pgpkeys.eu 11370 # Daniel Austin  0x34A3662F837F2C28
both added. Please add

sks.muc.drweb-av.de 11370 # Karl Schmitz  
0xF58B06CC71D3F6923354FCF1533AA65831B5CDFA

to your servers' membership files.

Thanks in advance,

Karl



signature.asc
Description: OpenPGP digital signature
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] SKS peering request for pgp.2280.net

[Karl Schmitz]

Hi Andrew,

Am 22.04.2014 17:17, schrieb Andrew Stothard:
> Hello,
>
> I am looking for peers for a new SKS keyserver installation.
>
> I am running SKS version 1.1.4, on pgp.2280.net .
> The server is physically located in Manchester, UK.
> It has both IPv4 and IPv6 connectivity.
>
> I have loaded a keydump from keyserver.secretresearchfacility.com
>  and am seeing 3593366 keys.
>
> The membership config line should be:
> pgp.2280.net  11370 # Andrew Stothard
> mailto:an...@2280.net>> 0xB68898B4
added. Please add

sks.muc.drweb-av.de 11370 # Karl Schmitz  
0xF58B06CC71D3F6923354FCF1533AA65831B5CDFA

to your server's membership file.

And while you're at it: Make sure to add

server_contact: *0x*3E3ED514DF2C9C98338671248CBBC068*B68898B4*

to your /etc/sks/sksconf. Just looks nicer on your server's statistics
page. ;-)

Thanks in advance,

Karl


signature.asc
Description: OpenPGP digital signature
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

[Sks-devel] SKS peering problems - sks.disunitedstates.com

[benfell]

Hi all,

I finally took a few minutes to go through all the "Not OK" peers on my  
status page at https://sks- 
keyservers.net/status/info/sks.disunitedstates.com


Where I had contact information, I have sent private messages. But there  
are a few peers for which I was unable to find contact information (at one  
point, I lost my membership file and recreated it, in part from a page  
similar to the above.


I noticed one peer still points to cybernude.org. This was shut down a  
while ago. Several still point to disunitedstates.com; I moved the sks  
server onto its own subdomain at sks.disunitedstates.com a while ago. And  
two peers seem to have been dead for a while.


I have commented out these peers from my membership file because I had no  
contact information and peering was broken anyway:


gpg.nebrwesleyan.edu
ice.mudshark.org (apparently dead)
keyserver.kjsl.org
keyserver.layer42.net
pgp.circl.lu
sks.powdarrmonkey.net
keys.klaus-uwe.me (apparently dead)

If the operators of these servers contact me (and, if necessary, resurrect  
their sks servers), I will be happy to re-establish peering with them. I am  
also open for new peering arrangements. My membership line is below:


sks.disunitedstates.com 11370 # David Benfell   
0x1236602B


Thanks!

--
David Benfell
See https://parts-unknown.org/node/2 if you do not understand the  
attachment.


pgp4rNfAgZ2Hy.pgp
Description: PGP signature
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] SKS peering request for pgp.2280.net

[Michal Bok]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

> Hello,
> 
> I am looking for peers for a new SKS keyserver installation.
> 
> I am running SKS version 1.1.4, on pgp.2280.net. The server is
> physically located in Manchester, UK. It has both IPv4 and IPv6
> connectivity.
> 
> I have loaded a keydump from keyserver.secretresearchfacility.com
> and am seeing 3593366 keys.
> 
> The membership config line should be: pgp.2280.net 11370 # Andrew
> Stothard  0xB68898B4

I have added you to my membership peers.
Please add me:

sks.mbk.net.pl 11370 # Michal Bok  0x0A7F735A

Regards,
- -Michal
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: Using GnuPG with Icedove - http://www.enigmail.net/

iQIcBAEBAgAGBQJTWCdUAAoJECzXLGsKf3NaPR4P/R7pBD08qmlxRchdEwvGcgWU
73dQakZm9z1oEcRouB3Myb9nK2pprksa+NFXcrB6k3gaThr0omj9kGyZ4gOPUrdG
lKf/17NYdE1nV+bPu0k16S8zorAk8RYlS6yDfR/v5UuVzXCRPfTsDRtAfTvPM15P
wJARBmsUX8M5gY/OHiBo2vgUYu2OHomh00Kv1YwhTYJh0vIscFxW0l8qHeMRfBEH
NUGz9HuRVtnAMW7Zrehl+ZQ7VBf5hRSxkMA0EOPOddfcfVxUcYCqB5QAR6mcafRc
uXSqHP/f04Y8BF5pjxBLuI9B0UcEzRRZ0blWi2m4NtI6eklh66FpdiZ6DvkouMq4
7y2Tc7wRSLikZ/kQn4AdGrnJs4VIKmr/Enul2NoERynUHfGrfSs/50VfRctuBTuZ
qCTsLXiutKPXXoNT0806KD9o4b2OusDJbOxYsnJeODj/HDxvQrBR/WlBPZy0iOJP
8mbmxBs26JwVhI4ei5Z2493SXC5fnTLMtKsRJAHW+iNjEOPHUEIyMDFPZhMJoUPr
YUpVSQMpX/Tdk5msX4KAUFN2UP0hWdZjyBuAtcnoOhIUsiP8QcDnuqU/SkmknWcO
WjFqPRDUL+RFSvobkZzt3qA8Afnzcak26iwTtQHYh5MfF6xTKxRR7G27jyn5OWWH
5J7nE0TiSuBz5ataKgt6
=JmXI
-END PGP SIGNATURE-

___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

[Sks-devel] SKS peering request for pgp.2280.net

[Andrew Stothard]

Hello,

I am looking for peers for a new SKS keyserver installation.

I am running SKS version 1.1.4, on pgp.2280.net.
The server is physically located in Manchester, UK.
It has both IPv4 and IPv6 connectivity.

I have loaded a keydump from keyserver.secretresearchfacility.com and am
seeing 3593366 keys.

The membership config line should be:
pgp.2280.net 11370 # Andrew Stothard  0xB68898B4

Thanks
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] SKS peering request [sks-server.randala.com]

[Kristian Fiskerstrand]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 04/09/2014 02:36 AM, Martin Papik wrote:
> Dear Kristian
> 
> Thank you for your response.
> 
>>> Second, with 1.1.3, are ECC signatures lost? Meaning if someone
>>>  queries my server running 1.1.3 for a key containing an ECC 
>>> signature, will only the one signature be missing or will
>>> there be problems syncing any further signatures?
> 
>> For signatures the ECC signature will be gone by default, or an 
>> error will be shown for a primary ECC key. The keys will 
>> synchronize and the full key can be gotten from a 1.1.3 server 
>> using &clean=off option that disable the presentation filter. 
>> You'll find some details on number of ECC (primary) keys at [2]
> 
> So all the keys will be in the database on a 1.1.3 server, but 
> searching for ECC keys will fail with an error, and ECC signatures 
> will be omitted due to the filter which can be disabled with 
> clean=off. Did I understand you correctly? In which case, a 1.1.4

... yup

> server that is only peering with a single 1.1.3 server which peers 
> with the networ will get all the keys and return correct results.
> Is that true? Will a dump on a 1.1.3 contain the ECC key material?

... yup

> 
>>> I.e. will the whole key be lost, the ECC signatures only, or
>>> any signature after the first ECC signature is added? Another 
>>> question that occurs to me is, how many ECC signatures are 
>>> actually in the wild? Are many users affected? If so, I wonder
>>> if the logic that selects my server for inclusion in the pool
>>> is doing the right thing. Mine isn't the only 1.1.3 server
>>> included. So I wonder.
> 
>> ECC safe pool is the subset pool c.f. [0]. The 1.1.3 requirement 
>> is set mainly due to subkey safe searching. This will be bumped
>> to 1.1.5 once released.
> 
> Which requirement is this? For the ECC-safe pool? Because
> otherwise this seems to contradict the next paragraph.

the subset pool was linked as reference [0]

> 
>> 1.1.3 should be reasonably safe (in the meaning I don't have any
>>  immediate plans to discard it form the pool), however do note
>> that 1.1.4 was released in October 2012[1].
> 
 I believe that Kristian is currently trying to coordinate 
 getting some final changes in before a 1.1.5 release which 
 will have enough cleanups and improvements in ECC and web 
 security areas that it should be considered a "really really 
 should upgrade" release.
> 
>> It would have its set of improvements, indeed. And you're
>> correct in that I'm in favor of a new release soon, although I
>> must state the disclaimer that we haven't decided on this in the
>> team yet.
> 
> Do you have a time frame in mind?

No specific timeframe, I have an outstanding pull request on its way
into the main tree, after that I'm ready to go after some release
preparations, but it depends on whether the rest of the team has
anything outstanding.

> 
> Are the planned improvements documented somewhere? Are they in the 
> repository in the TODO file?

they are in the CHANGELOG [a]. The todo file isn't really used, we use
the issue tracker instead.

> 
> Is the repository always the latest version?

I don't understand this question.

> 
> Is the repository always safe to run? I mean, can the head always
> be safely deployed to be part of the public network?

No, it is a development branch. However, it is mostly iterative and as
such save, but "always" is a very strong requirement.

> 
> PS, sorry if my questions are tedious, but I'm new to sks so
> there's a lot that's not clear to me and I would like to make sure
> I don't misunderstand something. I hope it's okay.

Sure..


References:
[a]
https://bitbucket.org/skskeyserver/sks-keyserver/src/tip/CHANGELOG?at=default

- -- 
- 
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- 
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- 
Docendo discimus
We learn by teaching
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJTRPajAAoJEPw7F94F4TagyxUP/1N7UcUr6KIBkF/rxBF9ebN0
OmjE4HpA5J/s7ymrm74KuNYZUnVR7WLzCfe94mAEUDtWKfD/gxRBdD59ip4xLe/G
HyL9xhJ/fDW9uC6OAMPB0rxm1vpptipVKf7FtHaJsiAVIb9PLHjZHATNNyTmQpDx
aJ86GXsJaWaLQbF0o8QC92xjHF1aUVPspmS3jTrXUTqLMPxXmFtuLttuL4EzA+bb
VycOUm0RB7F1e9E5ahQ75wTgS0HbmmkDD0+WW8P9LROwfUeF/XCJDXTCCYV0nsKc
Litg9cTKuKLmAD1vwO526MXRxU2cmycki26PRAwIW+PT18xE+2LXBPrW/5zRrK4F
lQOJTxd0GGN8tIeA41OIyqgQM2QGNiLozdAtrcJx6Xr6+0p1tcjbEml4xfCX2DHr
ZqFjxTLuNFCK+muhwlc1MswcY7cR3+xOwuVkvOP4gHJRYM3teqGQpBJRGUVgnmRr
yAANAZhY70hAoVgD1WAv2AK+Yj2IGRxj2ctzfIULp+E3Y/DzYqeYVaPs+iqNsIPm
UpOARkoMvXBt5KWIHW23z0oOv/nMZ2nOAwMx/RabpzEy6FOKpHk/UgsfZSbP9TaC
n1ZGWg5svLBYgFw7+Cb4HMYWM7oYvxwUGY3+OsSbODpGKLk5XouSfBy3sSK+Kbv1
6VRTVWS7QCldvOy1Lg76
=Qq8Y
-END PGP SIGNATURE-

___
Sks-devel mailing list
Sks-devel@nongnu.org
https://l

Re: [Sks-devel] SKS peering request [sks-server.randala.com]

[Martin Papik]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Dear Kristian

Thank you for your response.

>> Second, with 1.1.3, are ECC signatures lost? Meaning if someone 
>> queries my server running 1.1.3 for a key containing an ECC 
>> signature, will only the one signature be missing or will there
>> be problems syncing any further signatures?
> 
> For signatures the ECC signature will be gone by default, or an
> error will be shown for a primary ECC key. The keys will
> synchronize and the full key can be gotten from a 1.1.3 server
> using &clean=off option that disable the presentation filter.
> You'll find some details on number of ECC (primary) keys at [2]

So all the keys will be in the database on a 1.1.3 server, but
searching for ECC keys will fail with an error, and ECC signatures
will be omitted due to the filter which can be disabled with
clean=off. Did I understand you correctly? In which case, a 1.1.4
server that is only peering with a single 1.1.3 server which peers
with the networ will get all the keys and return correct results. Is
that true? Will a dump on a 1.1.3 contain the ECC key material?

>> I.e. will the whole key be lost, the ECC signatures only, or any 
>> signature after the first ECC signature is added? Another
>> question that occurs to me is, how many ECC signatures are
>> actually in the wild? Are many users affected? If so, I wonder if
>> the logic that selects my server for inclusion in the pool is
>> doing the right thing. Mine isn't the only 1.1.3 server included.
>> So I wonder.
> 
> ECC safe pool is the subset pool c.f. [0]. The 1.1.3 requirement
> is set mainly due to subkey safe searching. This will be bumped to
> 1.1.5 once released.

Which requirement is this? For the ECC-safe pool? Because otherwise
this seems to contradict the next paragraph.

> 1.1.3 should be reasonably safe (in the meaning I don't have any 
> immediate plans to discard it form the pool), however do note that 
> 1.1.4 was released in October 2012[1].

>>> I believe that Kristian is currently trying to coordinate 
>>> getting some final changes in before a 1.1.5 release which
>>> will have enough cleanups and improvements in ECC and web
>>> security areas that it should be considered a "really really
>>> should upgrade" release.
> 
> It would have its set of improvements, indeed. And you're correct
> in that I'm in favor of a new release soon, although I must state
> the disclaimer that we haven't decided on this in the team yet.

Do you have a time frame in mind?

Are the planned improvements documented somewhere? Are they in the
repository in the TODO file?

Is the repository always the latest version?

Is the repository always safe to run? I mean, can the head always be
safely deployed to be part of the public network?

PS, sorry if my questions are tedious, but I'm new to sks so there's a
lot that's not clear to me and I would like to make sure I don't
misunderstand something. I hope it's okay.

Martin
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCgAGBQJTRJX7AAoJELsEaSRwbVYrqvkP/Rov7oiy2Jssq0TxD6KzHUeJ
R7GlqFJpY9U0eSfPiekKwNLMLYGhfOjLaaMUR/tCY0Bj61Hzlefb8YcAE+A+xM4W
VYyMRN6kG1lFWM0K+e4+USlNu3tL2yqgxveYKhdLDn3n2Tih49QItNpuy/cqujPh
Cl+I109Nok+kZJsDsC1TcPzNA7ElM7wIjstIK7Vz830jXVIdMpQIElo33vYamgp4
PWArv5n8nTSWdPtLQS3qftPzT76TdjB89lasfJc/3Xudl+/TbOGUcPdRoTLUU+Ya
1HyumOm4br6ecuqa2cjHGYvZ2zti1qcwnjoPuU3/Eby6ei6pSF2BzeADcizbNDG2
WD3bcFKBfcGff4YLbktjUYn1MrTyf8m3vs7ZoQFlAYngz7yqLgx9wOELjfET1Ari
qaAUO89y2zYBwfyJpuTyreAGtu47y2/4fdDm8R50JHkwezV/pzPUgPiZIPhhKVR5
meT4Y07LHerBR5EoRg55L/Y/JFBZ4vSGcP6dZFBoPmNLhsZvp/TfGLe5VAobZfxj
O1Yo9t03isA0TMrdGWLpmrZRIMPnzfxsSbG7Dyk0bEU4cS6adD3lIjfiMwiJvdfC
7rBqoRVLwqO3lcXDb02csn+nsZylNNe0BALIK1VQjSyniZcyvOL4GUTfD0vSGu9T
wUlQM+mU2MCG0K45wCcs
=UC66
-END PGP SIGNATURE-

___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] SKS peering request [sks-server.randala.com]

[Phil Pennock]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 2014-04-06 at 13:49 +0300, Martin Papik wrote:
> And my impression is that 1.1.3 is okay, a number of the servers
> visible on https://sks-keyservers.net/status/ are 1.1.3, and so far
> the only difference I came across is that 1.1.3 doesn't export server
> contact, which doesn't bother me overly. Is there a better reason to
> upgrade?

If your machine is actually a VM rather than raw metal, then 1.1.4 is
almost essential to avoid database corruption issues ("Use unique
timestamps for keydb to reduce occurrances of Ptree corruption").  Some
caching and other fixes.  The main other reason is to support ECC PGP
keys.  If you care about ECC, you'll want 1.1.4 or better.

I believe that Kristian is currently trying to coordinate getting some
final changes in before a 1.1.5 release which will have enough cleanups
and improvements in ECC and web security areas that it should be
considered a "really really should upgrade" release.

The key aspect here is that OS packaging doesn't tend to draw clean
distinctions between "stable dependencies which other software relies
upon" and "service applications which are the reason this machine
exists".  Often, for the latter group you want to try to stay very close
to the upstream most-recent release.

As a classic example of the trade-offs: I'm involved with Exim.  If you
have a system which just needs to send the occasional email and you want
package installation to handle setting up new role email addresses and
mailing-list integration for you, then you likely don't care about the
most recent version and you want to stick to the configuration layouts
provided by the OS packager.  On the other hand, if you're running a
mail-server, then this is entirely the wrong approach, because the
emphasis shifts to where the whole point of the server is this software
and you'll want the latest improvements and fixes from upstream which
reduce the problems when talking with others, you'll want support for
current trends in email security and you'll want to have a configuration
designed to be evaluated efficiently, for the million+ emails per day
you handle per machine, instead of the 5.

So, figure out why you're running SKS and what your goals are.  Decide
if it's important to you for your server to be included in public pool
definitions run by others, to provide a public service, or if you just
care about local users and being useful enough to the community that
others are prepared to bear the cost of providing you with feeds, so
that you can connect into the mesh.  (There is operational risk for the
stability of your server, for each peer you have, as each peer is able
to DoS your service with resource consumption attacks).

Once you know your answers to those issues, you'll know if you want to
(1) stick with the minimal OS version which can talk to other servers;
(2) run the most recent release, within T time of a new release;
(3) run a local build from Mercurial tip.

Regards,
- -Phil
-BEGIN PGP SIGNATURE-

iQEcBAEBCAAGBQJTQePhAAoJEKBsj+IM0duF2OsIAKRPIPRA3OVMVJjR48+rIXM3
JzfywdJlYObA+BdZKpNxl2M4BQjLXvTc2qVQGcG0Pl0g0yjvFG9MWti8dhN9XzFv
QLpzIqUVYZHW+kcih6r0PBws9t1PKwloVz6o2HkpCeN45/I2z2LcHLsfb60OlDAE
FekCZH4x0hctHZBcnnuxtBi7gG5S4LRyXWZgGdocF0QVNloe/zwB9CIMZ4BVdICa
5cFJBL+Bd5fvh+vVGewRqCPE4bRPNCXZ7egleaf2NOKNjfNzlvgIbU5U4DdbOuMW
1L8pWvCwR+b26rdg4ti5Re5B7lldjeSwBFJp9gSt7cgtwPLIBo6yujbAPFJC0QY=
=qPa9
-END PGP SIGNATURE-

___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] SKS peering request [sks-server.randala.com]

[Kristian Fiskerstrand]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

[Please do not top-post, it makes it difficult to follow the thread]

On 04/07/2014 05:12 AM, Martin Papik wrote:
> 
> Dear Phil
> 
> First of all thank you for your exhaustive response, it's much 
> appreciated.
> 
> I'm running it on real HW, so the Ptree issues are not a problem, 
> although I am curious to know why and how such corruption happens
> on a VM. Is it because of something specific to SKS or DBD? How was
> it fixed in 1.1.4?

It relates to the timing information in the kernel clocksource not
being accurate enough in some VM environments, so one of the
workarounds is to use the tsc clocksource.

> 
> Second, with 1.1.3, are ECC signatures lost? Meaning if someone 
> queries my server running 1.1.3 for a key containing an ECC
> signature, will only the one signature be missing or will there be
> problems syncing any further signatures?

For signatures the ECC signature will be gone by default, or an error
will be shown for a primary ECC key. The keys will synchronize and the
full key can be gotten from a 1.1.3 server using &clean=off option
that disable the presentation filter. You'll find some details on
number of ECC (primary) keys at [2]

> I.e. will the whole key be lost, the ECC signatures only, or any
> signature after the first ECC signature is added? Another question
> that occurs to me is, how many ECC signatures are actually in the
> wild? Are many users affected? If so, I wonder if the logic that
> selects my server for inclusion in the pool is doing the right
> thing. Mine isn't the only 1.1.3 server included. So I wonder.

ECC safe pool is the subset pool c.f. [0]. The 1.1.3 requirement is
set mainly due to subkey safe searching. This will be bumped to 1.1.5
once released.

> 
> I can't do much about OS packaging, it already took extra effort
> to get 1.1.3 on the current stable version (not much, but extra),
> maybe somebody here could undertake the effort needed to backport
> the latest SKS for the stable branch of ubuntu. I've never done
> anything with ocaml so I don't feel qualified to roll out a
> package. Not even for myself to be honest. Or rather, I'm not in
> the best mental shape to be responsible for such a thing.
> 
> So the question that sticks out is this, am I degrading the network
> by being included in the pool with a 1.1.3 server? If so, what
> next?

1.1.3 should be reasonably safe (in the meaning I don't have any
immediate plans to discard it form the pool), however do note that
1.1.4 was released in October 2012[1].

> 

> Martin
> 


...

> 
>> I believe that Kristian is currently trying to coordinate
>> getting some final changes in before a 1.1.5 release which will
>> have enough cleanups and improvements in ECC and web security
>> areas that it should be considered a "really really should
>> upgrade" release.

It would have its set of improvements, indeed. And you're correct in
that I'm in favor of a new release soon, although I must state the
disclaimer that we haven't decided on this in the team yet.


References:
[0] https://sks-keyservers.net/overview-of-pools.php#pool_subset
[1] http://lists.nongnu.org/archive/html/sks-devel/2012-10/msg00010.html
[2] http://blog.sumptuouscapital.com/2014/01/openpgp-key-statistics/
- -- 
- 
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- 
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- 
Qui audet vincit
Who dares wins
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJTQoA8AAoJEPw7F94F4Tag9wUP/1F++7EJu33NsjCaj+0KSo4/
DFiiD1PXifp35KyCBsdV4fLxAgeen7bdMq08qbaTp8CAiK4MK4O8CNOj359s54sN
JI/hGIdMrcoTJp1RfCEee+9tdSiq0AIfm8HhZ2wdKcBF5gg1jumAV/wxX00V9rw3
KB+P+r83m6nS+BKMzAljKjX/WbFTr+7o13LKv1NSJO9Dfkpd2eLszCDAfVWixKw9
Tj0YmCuiKoQLIUDeWr8qQob4GSfLlLaBuuqBqn0SJNpQivo7pvF10mk5Z1bNkRhh
qAWBxMKVLNhnB7ke1o2j5C5mkMg8LdgHUnWw4bIj3O/YRSXf+Q+A6QdhijOryh/J
IKwri/xp2vdIE6NnPs7NJjg9O8zup0kRqE+f8glI6txmXFBzoNS5NjWPStewl13N
9SRixLiOTFkZoQ73QvBKu2IHcX0Z8yk9vGP0uR7JGbPKNC5vnBA7ZvImc+HJ2rqw
ouwPvpmv8wFnps6CClDKlYS6VGi3gCQIvdnDpdm6B5lrshHDpRLlQmpKIWRoa0OQ
0tNnBmPb8ziQJDyGCmbOzh6bQ+54uGAjhi/Zvc25Vj0ORuDzIOKgscbkHGDb0lY7
IpOWEkCw0VCzUp4q95JFSR0cLF7qWJ3EvPR/9ODztuW3SM3OD2k0GeeF1IWVgQc2
VvfNFrGYUH699OT2uHrA
=E96u
-END PGP SIGNATURE-

___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] SKS peering request [sks-server.randala.com]

[Martin Papik]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512


Dear Phil

First of all thank you for your exhaustive response, it's much
appreciated.

I'm running it on real HW, so the Ptree issues are not a problem,
although I am curious to know why and how such corruption happens on a
VM. Is it because of something specific to SKS or DBD? How was it
fixed in 1.1.4?

Second, with 1.1.3, are ECC signatures lost? Meaning if someone
queries my server running 1.1.3 for a key containing an ECC signature,
will only the one signature be missing or will there be problems
syncing any further signatures? I.e. will the whole key be lost, the
ECC signatures only, or any signature after the first ECC signature is
added? Another question that occurs to me is, how many ECC signatures
are actually in the wild? Are many users affected? If so, I wonder if
the logic that selects my server for inclusion in the pool is doing
the right thing. Mine isn't the only 1.1.3 server included. So I wonder.

I can't do much about OS packaging, it already took extra effort to
get 1.1.3 on the current stable version (not much, but extra), maybe
somebody here could undertake the effort needed to backport the latest
SKS for the stable branch of ubuntu. I've never done anything with
ocaml so I don't feel qualified to roll out a package. Not even for
myself to be honest. Or rather, I'm not in the best mental shape to be
responsible for such a thing.

So the question that sticks out is this, am I degrading the network by
being included in the pool with a 1.1.3 server? If so, what next?

Martin

On 04/07/2014 02:31 AM, Phil Pennock wrote:
> On 2014-04-06 at 13:49 +0300, Martin Papik wrote:
>> And my impression is that 1.1.3 is okay, a number of the servers 
>> visible on https://sks-keyservers.net/status/ are 1.1.3, and so
>> far the only difference I came across is that 1.1.3 doesn't
>> export server contact, which doesn't bother me overly. Is there a
>> better reason to upgrade?
> 
> If your machine is actually a VM rather than raw metal, then 1.1.4
> is almost essential to avoid database corruption issues ("Use
> unique timestamps for keydb to reduce occurrances of Ptree
> corruption").  Some caching and other fixes.  The main other reason
> is to support ECC PGP keys.  If you care about ECC, you'll want
> 1.1.4 or better.
> 
> I believe that Kristian is currently trying to coordinate getting
> some final changes in before a 1.1.5 release which will have enough
> cleanups and improvements in ECC and web security areas that it
> should be considered a "really really should upgrade" release.
> 
> The key aspect here is that OS packaging doesn't tend to draw
> clean distinctions between "stable dependencies which other
> software relies upon" and "service applications which are the
> reason this machine exists".  Often, for the latter group you want
> to try to stay very close to the upstream most-recent release.
> 
> As a classic example of the trade-offs: I'm involved with Exim.  If
> you have a system which just needs to send the occasional email and
> you want package installation to handle setting up new role email
> addresses and mailing-list integration for you, then you likely
> don't care about the most recent version and you want to stick to
> the configuration layouts provided by the OS packager.  On the
> other hand, if you're running a mail-server, then this is entirely
> the wrong approach, because the emphasis shifts to where the whole
> point of the server is this software and you'll want the latest
> improvements and fixes from upstream which reduce the problems when
> talking with others, you'll want support for current trends in
> email security and you'll want to have a configuration designed to
> be evaluated efficiently, for the million+ emails per day you
> handle per machine, instead of the 5.
> 
> So, figure out why you're running SKS and what your goals are.
> Decide if it's important to you for your server to be included in
> public pool definitions run by others, to provide a public service,
> or if you just care about local users and being useful enough to
> the community that others are prepared to bear the cost of
> providing you with feeds, so that you can connect into the mesh.
> (There is operational risk for the stability of your server, for
> each peer you have, as each peer is able to DoS your service with
> resource consumption attacks).
> 
> Once you know your answers to those issues, you'll know if you want
> to (1) stick with the minimal OS version which can talk to other
> servers; (2) run the most recent release, within T time of a new
> release; (3) run a local build from Mercurial tip.
> 
> Regards, -Phil
> 

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCgAGBQJTQhd3AAoJELsEaSRwbVYrKU0P/Au2nDXnBL3+ifEL9GWjz/EZ
JKbMTYNwg7OvVS323+BzIZlmjhzdNZFhMAyG12yjfMrazrjJkTvg0Is9F3gNnPLl
H1IUN2pyfpJEkfoGbGXZ9FcqQOFbu9RwWXLl8MqKv5oJaQMQ

Re: [Sks-devel] SKS Peering

[Jeremy T. Bouse]

I don't know what failed status you're referring to with my cluster 
running on sks.undergrid.net as you've certainly never made any attempt 
at contact, but I've gone ahead and removed you from my membership file 
as well.


On 06.04.2014 05:19, Christian wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hello all,

I have removed these Peerings from my SKS Server due to long term
failed status and/or failed cross peerings:

- - keyserver.cais.rnp.br
- - keyserver.codinginfinity.com
- - sks.undergrid.net

I am always welcoming new peerings (Gossip only). If you like drop me
a line, here is my suggested peering line:

sks.alpha-labs.net 11370 # Christian Reiss 
0x44E29126ABCD43C

Cheers!
- -Christian.

- --

 Christian Reiss - em...@christian-reiss.de   /"\  ASCII Ribbon
  \ /Campaign
 GPG Key: http://gpg.christian-reiss.deX   against HTML
 Jabber : ch...@alpha-labs.net/ \   in eMails

 "It's better to reign in hell than to serve in heaven.",
John Milton, Paradise lost.
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.17 (MingW32)

iQIcBAEBAgAGBQJTQRw9AAoJEETikSarzUPFtOQP/22DMIqubsdYdkBfMqcuFwRt
R+OyC937H0TTYSwkKzzsVYxaopqzjqpMl4TUffQS+URMwVS6V2LPE9VLkGkrTo82
Mm0i5lznK/fIOud+Dw1cR9n7hUCUPENYXLsFtwFLd1Gf/lzEKOJ7GqOU7YZ8qgdF
6xetKe1KNwM6cRotPQG+GfcdRr9W5jv1wlLRATFBXx4bfpO4MfbLoCtQMTeRLuva
MpA6v9FE5ZX0ubaqawuHzAY0OkCnGrAgGNacsujIfB54b1P6LpfKpK49xOaVxz0t
tvBdw0kUnzV5D16+6/nPzo2Lpl4HIwrXvPz/Z96QtKR+tE+oM4+gIAuc2Dng/K4A
M5J+4+o/vaETavC/FGbdEDEOWqRHDTMUY8y21bDgh+NiDoEjrFxGimpoXl1xzLqs
iO9XZBFpHWpxKma6ejRSAgTbIOoExhE7l7YwWG0LtaRn9OaKWdIzoic85z4ktgqK
w6X9t0eILgRCx5/4B7SgbxJDh0QZ07BQo44B8srCMur5qmC8b+DkU/At+J6y4J6K
TClbOdSZcclGIhtLet4mv7Vu2zJr3aNI8ipr8MeMhQWs44DHVhwBGr0/p5aoFnvH
2aEBUpG7i8HXQOr71JLepeH+2IGrAkrnuSXkm690nbgx+Vs3EarQ6On1mmUogKJ2
nroQkfk5aaWuFuVGTtpY
=rLU3
-END PGP SIGNATURE-

---
This email is free from viruses and malware because avast! Antivirus
protection is active.
http://www.avast.com


___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel



___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

[Sks-devel] SKS Peering

[Christian]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hello all,

I have removed these Peerings from my SKS Server due to long term
failed status and/or failed cross peerings:

- - keyserver.cais.rnp.br
- - keyserver.codinginfinity.com
- - sks.undergrid.net

I am always welcoming new peerings (Gossip only). If you like drop me
a line, here is my suggested peering line:

sks.alpha-labs.net 11370 # Christian Reiss 
0x44E29126ABCD43C

Cheers!
- -Christian.

- -- 

 Christian Reiss - em...@christian-reiss.de   /"\  ASCII Ribbon
  \ /Campaign
 GPG Key: http://gpg.christian-reiss.deX   against HTML
 Jabber : ch...@alpha-labs.net/ \   in eMails

 "It's better to reign in hell than to serve in heaven.",
John Milton, Paradise lost.
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.17 (MingW32)

iQIcBAEBAgAGBQJTQRw9AAoJEETikSarzUPFtOQP/22DMIqubsdYdkBfMqcuFwRt
R+OyC937H0TTYSwkKzzsVYxaopqzjqpMl4TUffQS+URMwVS6V2LPE9VLkGkrTo82
Mm0i5lznK/fIOud+Dw1cR9n7hUCUPENYXLsFtwFLd1Gf/lzEKOJ7GqOU7YZ8qgdF
6xetKe1KNwM6cRotPQG+GfcdRr9W5jv1wlLRATFBXx4bfpO4MfbLoCtQMTeRLuva
MpA6v9FE5ZX0ubaqawuHzAY0OkCnGrAgGNacsujIfB54b1P6LpfKpK49xOaVxz0t
tvBdw0kUnzV5D16+6/nPzo2Lpl4HIwrXvPz/Z96QtKR+tE+oM4+gIAuc2Dng/K4A
M5J+4+o/vaETavC/FGbdEDEOWqRHDTMUY8y21bDgh+NiDoEjrFxGimpoXl1xzLqs
iO9XZBFpHWpxKma6ejRSAgTbIOoExhE7l7YwWG0LtaRn9OaKWdIzoic85z4ktgqK
w6X9t0eILgRCx5/4B7SgbxJDh0QZ07BQo44B8srCMur5qmC8b+DkU/At+J6y4J6K
TClbOdSZcclGIhtLet4mv7Vu2zJr3aNI8ipr8MeMhQWs44DHVhwBGr0/p5aoFnvH
2aEBUpG7i8HXQOr71JLepeH+2IGrAkrnuSXkm690nbgx+Vs3EarQ6On1mmUogKJ2
nroQkfk5aaWuFuVGTtpY
=rLU3
-END PGP SIGNATURE-

---
This email is free from viruses and malware because avast! Antivirus protection 
is active.
http://www.avast.com


___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] SKS peering request [sks-server.randala.com]

[Martin Papik]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1



This is why libc is required, I've tried to use sks-1.1.4 from trusty
already, same set of dependencies. And as before, if I'm going to
update libc, I might as well do a full dist upgrade.

# dpkg -i libdb5.3_5.3.28-3ubuntu2_amd64.deb
(Reading database ... 97168 files and directories currently installed.)
Preparing to replace libdb5.3 5.3.28-3ubuntu2 (using
libdb5.3_5.3.28-3ubuntu2_amd64.deb) ...
Unpacking replacement libdb5.3 ...
dpkg: dependency problems prevent configuration of libdb5.3:
 libdb5.3 depends on libc6 (>= 2.17); however:
  Version of libc6 on system is 2.15-0ubuntu10.5.
dpkg: error processing libdb5.3 (--install):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 libdb5.3

https://help.ubuntu.com/ -- stable is 13.10, stable LTS is 12.04,
14.04 is devel, meaning not stable :-)

And as I said, my prior experiences are full of grief with premature
dist-upgrades. And I read somewhere on the internets that dist-upgrade
isn't supposed to be "stable" until about 14.04.1.

So, yeah, I may play with 14.04, but not on production machines.
Unless there is a compelling reason. Is there? Is there a really good
reason to move from 1.1.3 to 1.1.4?

Martin

On 04/06/2014 03:26 PM, Tobias Frei wrote:
> Hi,
> 
> I don't really see why upgrading to the next stable release would
> make you a "test-case", but I'm also already running 14.04 on my
> webserver, so I might be the wrong person to ask about this. :D
> 
> If it helps (maybe the new libc version isn't required), you might 
> want to download this package too: 
> http://freiwuppertal.de/libdb5.3_5.3.28-3ubuntu2_amd64.deb
> 
> I can also provide other current .deb files on request.
> 
> 
> Best regards, Tobias Frei
> 
> 
> Am 06.04.2014 12:49, schrieb Martin Papik:
>> 
>> I am using the latest stable LTS, unfortunately, ubuntu LTS 
>> matures slowly and I've been bitten with premature
>> dist-upgrades. I'll choose waiting over being a test-case. At
>> least on anything that's exposed to the internet.
>> 
>> # wget http://freiwuppertal.de/sks_1.1.4-2.1ubuntu1_amd64.deb # 
>> dpkg -i sks_1.1.4-2.1ubuntu1_amd64.deb (Reading database ...
>> 97126 files and directories currently installed.) Preparing to
>> replace sks 1.1.1+dpkgv3-7ubuntu0.3 (using
>> sks_1.1.4-2.1ubuntu1_amd64.deb) ... Stopping sks daemons:
>> sksrecon.. sksdb.. done. Unpacking replacement sks ... dpkg:
>> dependency problems prevent configuration of sks: sks depends on
>> libdb5.3; however: Package libdb5.3 is not installed. dpkg: error
>> processing sks (--install): dependency problems - leaving
>> unconfigured Processing triggers for ureadahead ... Processing
>> triggers for man-db ... Errors were encountered while processing:
>> sks # cat /etc/lsb-release DISTRIB_ID=Ubuntu 
>> DISTRIB_RELEASE=12.04 DISTRIB_CODENAME=precise 
>> DISTRIB_DESCRIPTION="Ubuntu 12.04.4 LTS"
>> 
>> Doesn't seem to work, I tried adding "deb 
>> http://us.archive.ubuntu.com/ubuntu/ trusty main universe" to 
>> /etc/apt/sources.list, but just installing sks would replace
>> libc, which basically means I might as well dist-upgrade, which I
>> won't do just yet.
>> 
>> PS in my personal experience with the last ubuntu LTS increment, 
>> it will be stable enough sometimes next year. Until then, I'm 
>> afraid I only have three options, compile from sources
>> (headache, error prone, extra maintenance), wait for someone to
>> backport 1.1.4 on 10.4 or 12.4, or just leave it as 1.1.3.
>> 
>> And my impression is that 1.1.3 is okay, a number of the servers
>>  visible on https://sks-keyservers.net/status/ are 1.1.3, and so 
>> far the only difference I came across is that 1.1.3 doesn't
>> export server contact, which doesn't bother me overly. Is there a
>> better reason to upgrade?
>> 
>> Martin
>> 
>> On 04/06/2014 12:07 PM, Tobias Frei wrote:
>>> Hi,
>> 
>>> if you'd be using the latest Ubuntu, you would probably also
>>> have access to the newest SKS version in the repositories. ;-)
>> 
>>> Ubuntu 14.04 LTS will come out soon; upgrading to that should 
>>> give you 1.1.4.
>> 
>> 
>>> If your server is running on amd64, you can use this .deb for 
>>> now, if you want to: 
>>> http://freiwuppertal.de/sks_1.1.4-2.1ubuntu1_amd64.deb
>> 
>> 
>> 
>>> Best regards, Tobias Frei
>> 
>> 
>>> Am 05.04.2014 16:17, schrieb Martin Papik:
 
 Thank you, I've upgraded to 1.1.3, although why Ubuntu didn't
  install that one without an explicit parameter boggles me a 
 bit. Oh well. Is that sufficient, or will I have to install
 the very latest from source?
 
 The web server is enabled, there's just no main page in the 
 directory yet.
 
 I see "Error fetching key from hash  : Not_found"
 messages in the log though, is this normal? The hashes
 update, so I'm not overly worried, just want to know if this
 is normal.
 
 Anyway, thanks again for taking the time to assist me.
 
 Martin

Re: [Sks-devel] SKS peering request [sks-server.randala.com]

[Tobias Frei]

Hi,

I don't really see why upgrading to the next stable release would make
you a "test-case", but I'm also already running 14.04 on my webserver,
so I might be the wrong person to ask about this. :D

If it helps (maybe the new libc version isn't required), you might
want to download this package too:
http://freiwuppertal.de/libdb5.3_5.3.28-3ubuntu2_amd64.deb

I can also provide other current .deb files on request.


Best regards,
Tobias Frei


Am 06.04.2014 12:49, schrieb Martin Papik:
> 
> I am using the latest stable LTS, unfortunately, ubuntu LTS
> matures slowly and I've been bitten with premature dist-upgrades.
> I'll choose waiting over being a test-case. At least on anything
> that's exposed to the internet.
> 
> # wget http://freiwuppertal.de/sks_1.1.4-2.1ubuntu1_amd64.deb #
> dpkg -i sks_1.1.4-2.1ubuntu1_amd64.deb (Reading database ... 97126
> files and directories currently installed.) Preparing to replace
> sks 1.1.1+dpkgv3-7ubuntu0.3 (using sks_1.1.4-2.1ubuntu1_amd64.deb)
> ... Stopping sks daemons: sksrecon.. sksdb.. done. Unpacking
> replacement sks ... dpkg: dependency problems prevent configuration
> of sks: sks depends on libdb5.3; however: Package libdb5.3 is not
> installed. dpkg: error processing sks (--install): dependency
> problems - leaving unconfigured Processing triggers for ureadahead
> ... Processing triggers for man-db ... Errors were encountered
> while processing: sks # cat /etc/lsb-release DISTRIB_ID=Ubuntu 
> DISTRIB_RELEASE=12.04 DISTRIB_CODENAME=precise 
> DISTRIB_DESCRIPTION="Ubuntu 12.04.4 LTS"
> 
> Doesn't seem to work, I tried adding "deb 
> http://us.archive.ubuntu.com/ubuntu/ trusty main universe" to 
> /etc/apt/sources.list, but just installing sks would replace libc, 
> which basically means I might as well dist-upgrade, which I won't
> do just yet.
> 
> PS in my personal experience with the last ubuntu LTS increment,
> it will be stable enough sometimes next year. Until then, I'm
> afraid I only have three options, compile from sources (headache,
> error prone, extra maintenance), wait for someone to backport 1.1.4
> on 10.4 or 12.4, or just leave it as 1.1.3.
> 
> And my impression is that 1.1.3 is okay, a number of the servers 
> visible on https://sks-keyservers.net/status/ are 1.1.3, and so
> far the only difference I came across is that 1.1.3 doesn't export
> server contact, which doesn't bother me overly. Is there a better
> reason to upgrade?
> 
> Martin
> 
> On 04/06/2014 12:07 PM, Tobias Frei wrote:
>> Hi,
> 
>> if you'd be using the latest Ubuntu, you would probably also have
>>  access to the newest SKS version in the repositories. ;-)
> 
>> Ubuntu 14.04 LTS will come out soon; upgrading to that should
>> give you 1.1.4.
> 
> 
>> If your server is running on amd64, you can use this .deb for
>> now, if you want to: 
>> http://freiwuppertal.de/sks_1.1.4-2.1ubuntu1_amd64.deb
> 
> 
> 
>> Best regards, Tobias Frei
> 
> 
>> Am 05.04.2014 16:17, schrieb Martin Papik:
>>> 
>>> Thank you, I've upgraded to 1.1.3, although why Ubuntu didn't 
>>> install that one without an explicit parameter boggles me a
>>> bit. Oh well. Is that sufficient, or will I have to install the
>>> very latest from source?
>>> 
>>> The web server is enabled, there's just no main page in the 
>>> directory yet.
>>> 
>>> I see "Error fetching key from hash  : Not_found" messages 
>>> in the log though, is this normal? The hashes update, so I'm
>>> not overly worried, just want to know if this is normal.
>>> 
>>> Anyway, thanks again for taking the time to assist me.
>>> 
>>> Martin
>>> 
>>> On 04/05/2014 04:38 PM, BluKeyserver wrote: Hi Martin,
>>> 
>>> Quoting from 
>>> https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Peering
>>> 
>>> 'Versions prior to 1.1.2 have a severe interoperability bug
>>> (POST requests for exchanging keys are HTTP/0.9, does not work
>>> with modern setups having reverse HTTP proxies in front as a
>>> best practice.'
>>> 
>>> Perhaps it's a time to ditch the 1.1.1 and try to compile 1.1.4
>>>  instead ?
>>> 
>>> Also, I have noticed, that you did not enable the built-in www
>>>  server:
>>> 
>>> 'Page not found: /var/lib/sks/www/index.html'
>>> 
>>> Regards, H.Storm [TheBluProject]
>>> 
>>> On 05/04/2014 07:52, Martin Papik wrote:
>> Thank you very much Jerzy, however I'm facing some 
>> problems. I wonder if you have any insight. I'm new to
>> sks, but it seems to me that there might be an apache
>> proxy intercepting the connections and interfering
>> somehow. I don't see my server in 
>> http://keyserver.kolosowscy.pl:11371/pks/lookup?op=stats,
>>
>> 
but the sks servers are talking to each other on 11370 so
>> I'm assuming there's some kind of asymmetric setup.
>> 
>> Any help would be appreciated.
>> 
>> Martin
>> 
>> In the log I see  (after incrementing http_fetch_size to 
>> 1000 to reduce the number of entries).
>> 
>> 2014-04-05 08:43:40 address for 
>> keyserver.kolo

Re: [Sks-devel] SKS peering request [sks-server.randala.com]

[Martin Papik]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


I am using the latest stable LTS, unfortunately, ubuntu LTS matures
slowly and I've been bitten with premature dist-upgrades. I'll choose
waiting over being a test-case. At least on anything that's exposed to
the internet.

# wget http://freiwuppertal.de/sks_1.1.4-2.1ubuntu1_amd64.deb
# dpkg -i sks_1.1.4-2.1ubuntu1_amd64.deb
(Reading database ... 97126 files and directories currently installed.)
Preparing to replace sks 1.1.1+dpkgv3-7ubuntu0.3 (using
sks_1.1.4-2.1ubuntu1_amd64.deb) ...
Stopping sks daemons: sksrecon.. sksdb.. done.
Unpacking replacement sks ...
dpkg: dependency problems prevent configuration of sks:
 sks depends on libdb5.3; however:
  Package libdb5.3 is not installed.
dpkg: error processing sks (--install):
 dependency problems - leaving unconfigured
Processing triggers for ureadahead ...
Processing triggers for man-db ...
Errors were encountered while processing:
 sks
# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=12.04
DISTRIB_CODENAME=precise
DISTRIB_DESCRIPTION="Ubuntu 12.04.4 LTS"

Doesn't seem to work, I tried adding "deb
http://us.archive.ubuntu.com/ubuntu/ trusty main universe" to
/etc/apt/sources.list, but just installing sks would replace libc,
which basically means I might as well dist-upgrade, which I won't do
just yet.

PS in my personal experience with the last ubuntu LTS increment, it
will be stable enough sometimes next year. Until then, I'm afraid I
only have three options, compile from sources (headache, error prone,
extra maintenance), wait for someone to backport 1.1.4 on 10.4 or
12.4, or just leave it as 1.1.3.

And my impression is that 1.1.3 is okay, a number of the servers
visible on https://sks-keyservers.net/status/ are 1.1.3, and so far
the only difference I came across is that 1.1.3 doesn't export server
contact, which doesn't bother me overly. Is there a better reason to
upgrade?

Martin

On 04/06/2014 12:07 PM, Tobias Frei wrote:
> Hi,
> 
> if you'd be using the latest Ubuntu, you would probably also have 
> access to the newest SKS version in the repositories. ;-)
> 
> Ubuntu 14.04 LTS will come out soon; upgrading to that should give
> you 1.1.4.
> 
> 
> If your server is running on amd64, you can use this .deb for now,
> if you want to: 
> http://freiwuppertal.de/sks_1.1.4-2.1ubuntu1_amd64.deb
> 
> 
> 
> Best regards, Tobias Frei
> 
> 
> Am 05.04.2014 16:17, schrieb Martin Papik:
>> 
>> Thank you, I've upgraded to 1.1.3, although why Ubuntu didn't 
>> install that one without an explicit parameter boggles me a bit.
>> Oh well. Is that sufficient, or will I have to install the very
>> latest from source?
>> 
>> The web server is enabled, there's just no main page in the 
>> directory yet.
>> 
>> I see "Error fetching key from hash  : Not_found" messages
>> in the log though, is this normal? The hashes update, so I'm not 
>> overly worried, just want to know if this is normal.
>> 
>> Anyway, thanks again for taking the time to assist me.
>> 
>> Martin
>> 
>> On 04/05/2014 04:38 PM, BluKeyserver wrote: Hi Martin,
>> 
>> Quoting from 
>> https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Peering
>> 
>> 'Versions prior to 1.1.2 have a severe interoperability bug (POST
>>  requests for exchanging keys are HTTP/0.9, does not work with 
>> modern setups having reverse HTTP proxies in front as a best 
>> practice.'
>> 
>> Perhaps it's a time to ditch the 1.1.1 and try to compile 1.1.4 
>> instead ?
>> 
>> Also, I have noticed, that you did not enable the built-in www 
>> server:
>> 
>> 'Page not found: /var/lib/sks/www/index.html'
>> 
>> Regards, H.Storm [TheBluProject]
>> 
>> On 05/04/2014 07:52, Martin Papik wrote:
> Thank you very much Jerzy, however I'm facing some
> problems. I wonder if you have any insight. I'm new to sks,
> but it seems to me that there might be an apache proxy
> intercepting the connections and interfering somehow. I
> don't see my server in 
> http://keyserver.kolosowscy.pl:11371/pks/lookup?op=stats,
> but the sks servers are talking to each other on 11370 so
> I'm assuming there's some kind of asymmetric setup.
> 
> Any help would be appreciated.
> 
> Martin
> 
> In the log I see  (after incrementing http_fetch_size to
> 1000 to reduce the number of entries).
> 
> 2014-04-05 08:43:40 address for 
> keyserver.kolosowscy.pl:11370 changed from [] to
> [,  [2002:b0f1:f30f::1]:11370>] 2014-04-05 08:44:06 6064 hashes
>  recovered from 
> 2014-04-05 08:44:11 Requesting 1000 missing keys from
> , starting with 
> 0005AB14802673F046EC31CC93AC36DC 2014-04-05 08:44:11 Error 
> getting missing keys: Failure(" \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05 08:44:11 
> Requesting 1000 missing keys from  [176.241.243.15]:11371>, starting with 
> 29DF15D7EF250667DE9012CDF6891CE7 2014-04-05 08:44:11 Error 
> getting missing keys: Failure(" \"-//IETF//DTD HTML 2.0//EN\">"

Re: [Sks-devel] SKS peering request [sks-server.randala.com]

[Tobias Frei]

Hi,

if you'd be using the latest Ubuntu, you would probably also have
access to the newest SKS version in the repositories. ;-)

Ubuntu 14.04 LTS will come out soon; upgrading to that should give you
1.1.4.


If your server is running on amd64, you can use this .deb for now, if
you want to:
http://freiwuppertal.de/sks_1.1.4-2.1ubuntu1_amd64.deb



Best regards,
Tobias Frei


Am 05.04.2014 16:17, schrieb Martin Papik:
> 
> Thank you, I've upgraded to 1.1.3, although why Ubuntu didn't
> install that one without an explicit parameter boggles me a bit. Oh
> well. Is that sufficient, or will I have to install the very latest
> from source?
> 
> The web server is enabled, there's just no main page in the
> directory yet.
> 
> I see "Error fetching key from hash  : Not_found" messages in
> the log though, is this normal? The hashes update, so I'm not
> overly worried, just want to know if this is normal.
> 
> Anyway, thanks again for taking the time to assist me.
> 
> Martin
> 
> On 04/05/2014 04:38 PM, BluKeyserver wrote: Hi Martin,
> 
> Quoting from 
> https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Peering
> 
> 'Versions prior to 1.1.2 have a severe interoperability bug (POST 
> requests for exchanging keys are HTTP/0.9, does not work with
> modern setups having reverse HTTP proxies in front as a best
> practice.'
> 
> Perhaps it's a time to ditch the 1.1.1 and try to compile 1.1.4
> instead ?
> 
> Also, I have noticed, that you did not enable the built-in www
> server:
> 
> 'Page not found: /var/lib/sks/www/index.html'
> 
> Regards, H.Storm [TheBluProject]
> 
> On 05/04/2014 07:52, Martin Papik wrote:
 Thank you very much Jerzy, however I'm facing some problems.
 I wonder if you have any insight. I'm new to sks, but it
 seems to me that there might be an apache proxy intercepting
 the connections and interfering somehow. I don't see my
 server in 
 http://keyserver.kolosowscy.pl:11371/pks/lookup?op=stats, but
 the sks servers are talking to each other on 11370 so I'm
 assuming there's some kind of asymmetric setup.
 
 Any help would be appreciated.
 
 Martin
 
 In the log I see  (after incrementing http_fetch_size to 1000
 to reduce the number of entries).
 
 2014-04-05 08:43:40 address for
 keyserver.kolosowscy.pl:11370 changed from [] to [>>> [176.241.243.15]:11370>, >>> [2002:b0f1:f30f::1]:11370>] 2014-04-05 08:44:06 6064 hashes 
 recovered from  2014-04-05 
 08:44:11 Requesting 1000 missing keys from >>> [176.241.243.15]:11371>, starting with 
 0005AB14802673F046EC31CC93AC36DC 2014-04-05 08:44:11 Error
 getting missing keys: Failure(">>> \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05 08:44:11
 Requesting 1000 missing keys from >>> [176.241.243.15]:11371>, starting with 
 29DF15D7EF250667DE9012CDF6891CE7 2014-04-05 08:44:11 Error
 getting missing keys: Failure(">>> \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05 08:44:11
 Requesting 1000 missing keys from >>> [176.241.243.15]:11371>, starting with 
 54ABD9C187E4555DB2377ABFCD29D8B8 2014-04-05 08:44:11 Error
 getting missing keys: Failure(">>> \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05 08:44:11
 Requesting 1000 missing keys from >>> [176.241.243.15]:11371>, starting with 
 7E819BE55160DDBD06E480F74F1D6017 2014-04-05 08:44:11 Error
 getting missing keys: Failure(">>> \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05 08:44:11
 Requesting 1000 missing keys from >>> [176.241.243.15]:11371>, starting with 
 A7E5518397DB6A961E9FB8B59C1391D6 2014-04-05 08:44:11 Error
 getting missing keys: Failure(">>> \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05 08:44:12
 Requesting 1000 missing keys from >>> [176.241.243.15]:11371>, starting with 
 D348A85B40F5C08C3CA2E9AB09EF2CB0 2014-04-05 08:44:12 Error
 getting missing keys: Failure(">>> \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05 08:44:12
 Requesting 64 missing keys from >>> [176.241.243.15]:11371>, starting with 
 FD40B34ECD8971CFCECF9E79D48772F0 2014-04-05 08:44:12 Error
 getting missing keys: Failure(">>> \"-//IETF//DTD HTML 2.0//EN\">")
 
 The tcpdump output contains (looks like HTTP 0.9, no host
 header in the request, no HTTP headers in the response).
 
 Request to 176.241.243.15:11371
 
 POST /pks/hashquery content-length: 24
 
 Response from 176.241.243.15:11371
 
 
  502 Proxy Error 
 Proxy Error The proxy server received an invalid
 response from an upstream server. The proxy server
 could not handle the request >>> href="/pks/hashquery">POST /pks/hashquery.
 Reason: Error reading from remote
 server  Apache Server at
 keyserver.kolosowscy.pl Port 80 
 
 
 
 
 On 04/05/2014 04:21 AM, Jerzy Ko?osowski wrote:
> Hi,
> 
> I added your server. My line to add:
> 
> keyserver.kolosowscy.pl 11370 # Jerzy Kolosowski 
> 
> 
> Rgds,
> 
> Je

Re: [Sks-devel] SKS peering request [sks-server.randala.com]

[Martin Papik]

Thank you, I've upgraded to 1.1.3, although why Ubuntu didn't install 
that one without an explicit parameter boggles me a bit. Oh well. Is 
that sufficient, or will I have to install the very latest from source?


The web server is enabled, there's just no main page in the directory yet.

I see "Error fetching key from hash  : Not_found" messages in the 
log though, is this normal? The hashes update, so I'm not overly 
worried, just want to know if this is normal.


Anyway, thanks again for taking the time to assist me.

Martin

On 04/05/2014 04:38 PM, BluKeyserver wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi Martin,

Quoting from https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Peering

'Versions prior to 1.1.2 have a severe interoperability bug (POST
requests for exchanging keys are HTTP/0.9, does not work with modern
setups having reverse HTTP proxies in front as a best practice.'

Perhaps it's a time to ditch the 1.1.1 and try to compile 1.1.4 instead ?

Also, I have noticed, that you did not enable the built-in www server:

'Page not found: /var/lib/sks/www/index.html'

Regards,
H.Storm [TheBluProject]

On 05/04/2014 07:52, Martin Papik wrote:

Thank you very much Jerzy, however I'm facing some problems. I
wonder if you have any insight. I'm new to sks, but it seems to me
that there might be an apache proxy intercepting the connections
and interfering somehow. I don't see my server in
http://keyserver.kolosowscy.pl:11371/pks/lookup?op=stats, but the
sks servers are talking to each other on 11370 so I'm assuming
there's some kind of asymmetric setup.

Any help would be appreciated.

Martin

In the log I see  (after incrementing http_fetch_size to 1000 to
reduce the number of entries).

2014-04-05 08:43:40 address for keyserver.kolosowscy.pl:11370
changed from [] to [, ] 2014-04-05 08:44:06 6064 hashes
recovered from  2014-04-05
08:44:11 Requesting 1000 missing keys from , starting with
0005AB14802673F046EC31CC93AC36DC 2014-04-05 08:44:11 Error getting
missing keys: Failure("") 2014-04-05 08:44:11 Requesting 1000 missing keys from
, starting with
29DF15D7EF250667DE9012CDF6891CE7 2014-04-05 08:44:11 Error getting
missing keys: Failure("") 2014-04-05 08:44:11 Requesting 1000 missing keys from
, starting with
54ABD9C187E4555DB2377ABFCD29D8B8 2014-04-05 08:44:11 Error getting
missing keys: Failure("") 2014-04-05 08:44:11 Requesting 1000 missing keys from
, starting with
7E819BE55160DDBD06E480F74F1D6017 2014-04-05 08:44:11 Error getting
missing keys: Failure("") 2014-04-05 08:44:11 Requesting 1000 missing keys from
, starting with
A7E5518397DB6A961E9FB8B59C1391D6 2014-04-05 08:44:11 Error getting
missing keys: Failure("") 2014-04-05 08:44:12 Requesting 1000 missing keys from
, starting with
D348A85B40F5C08C3CA2E9AB09EF2CB0 2014-04-05 08:44:12 Error getting
missing keys: Failure("") 2014-04-05 08:44:12 Requesting 64 missing keys from
, starting with
FD40B34ECD8971CFCECF9E79D48772F0 2014-04-05 08:44:12 Error getting
missing keys: Failure("")

The tcpdump output contains (looks like HTTP 0.9, no host header in
the request, no HTTP headers in the response).

Request to 176.241.243.15:11371

POST /pks/hashquery content-length: 24

Response from 176.241.243.15:11371

 
502 Proxy Error  Proxy Error
The proxy server received an invalid response from an upstream
server. The proxy server could not handle the request POST /pks/hashquery. Reason:
Error reading from remote server 
Apache Server at keyserver.kolosowscy.pl Port
80 




On 04/05/2014 04:21 AM, Jerzy Ko?osowski wrote:

Hi,

I added your server. My line to add:

keyserver.kolosowscy.pl 11370 # Jerzy Kolosowski


Rgds,

Jerzy Ko?osowski

Dnia ?roda, 2 kwietnia 2014 05:50:52 Martin Papik pisze:

Hi everyone,

I've just configured sks 1.1.1 (default on Ubuntu) on
sks-server.randala.com. The machine has IPv6 but SKS has not
yet been assigned an address. I wonder, is there an advantage
(e.g. in terms of peering)? The server is located in
Germany/EU. For now I'm deploying

the

server for R&D as a proxy for my private server (behind my
ISPs randomized NAT).

You may contact me if you have further questions or for any
issues, operational or otherwise.

Loaded from: http://keys.niif.hu/keydump/ [2014-03-31? ...
köszönöm] Loaded: 3583821 keys

Line to add to /etc/sks/membership

sks-server.randala.com 11370

Thank you.

Martin

___ Sks-devel
mailing list Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel


___ Sks-devel
mailing list Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel



___ Sks-devel mailing
list Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel


-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJTQAc1AAoJECAbDNi5hly1xZsP/33HxdOB3IR2xKVb611

Re: [Sks-devel] SKS peering request [sks-server.randala.com]

[BluKeyserver]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi Martin,

Quoting from https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Peering

'Versions prior to 1.1.2 have a severe interoperability bug (POST
requests for exchanging keys are HTTP/0.9, does not work with modern
setups having reverse HTTP proxies in front as a best practice.'

Perhaps it's a time to ditch the 1.1.1 and try to compile 1.1.4 instead ?

Also, I have noticed, that you did not enable the built-in www server:

'Page not found: /var/lib/sks/www/index.html'

Regards,
H.Storm [TheBluProject]

On 05/04/2014 07:52, Martin Papik wrote:
> 
> Thank you very much Jerzy, however I'm facing some problems. I
> wonder if you have any insight. I'm new to sks, but it seems to me
> that there might be an apache proxy intercepting the connections
> and interfering somehow. I don't see my server in 
> http://keyserver.kolosowscy.pl:11371/pks/lookup?op=stats, but the
> sks servers are talking to each other on 11370 so I'm assuming
> there's some kind of asymmetric setup.
> 
> Any help would be appreciated.
> 
> Martin
> 
> In the log I see  (after incrementing http_fetch_size to 1000 to
> reduce the number of entries).
> 
> 2014-04-05 08:43:40 address for keyserver.kolosowscy.pl:11370
> changed from [] to [,  [2002:b0f1:f30f::1]:11370>] 2014-04-05 08:44:06 6064 hashes
> recovered from  2014-04-05
> 08:44:11 Requesting 1000 missing keys from  [176.241.243.15]:11371>, starting with
> 0005AB14802673F046EC31CC93AC36DC 2014-04-05 08:44:11 Error getting
> missing keys: Failure(" 2.0//EN\">") 2014-04-05 08:44:11 Requesting 1000 missing keys from
> , starting with
> 29DF15D7EF250667DE9012CDF6891CE7 2014-04-05 08:44:11 Error getting
> missing keys: Failure(" 2.0//EN\">") 2014-04-05 08:44:11 Requesting 1000 missing keys from
> , starting with
> 54ABD9C187E4555DB2377ABFCD29D8B8 2014-04-05 08:44:11 Error getting
> missing keys: Failure(" 2.0//EN\">") 2014-04-05 08:44:11 Requesting 1000 missing keys from
> , starting with
> 7E819BE55160DDBD06E480F74F1D6017 2014-04-05 08:44:11 Error getting
> missing keys: Failure(" 2.0//EN\">") 2014-04-05 08:44:11 Requesting 1000 missing keys from
> , starting with
> A7E5518397DB6A961E9FB8B59C1391D6 2014-04-05 08:44:11 Error getting
> missing keys: Failure(" 2.0//EN\">") 2014-04-05 08:44:12 Requesting 1000 missing keys from
> , starting with
> D348A85B40F5C08C3CA2E9AB09EF2CB0 2014-04-05 08:44:12 Error getting
> missing keys: Failure(" 2.0//EN\">") 2014-04-05 08:44:12 Requesting 64 missing keys from
> , starting with
> FD40B34ECD8971CFCECF9E79D48772F0 2014-04-05 08:44:12 Error getting
> missing keys: Failure(" 2.0//EN\">")
> 
> The tcpdump output contains (looks like HTTP 0.9, no host header in
> the request, no HTTP headers in the response).
> 
> Request to 176.241.243.15:11371
> 
> POST /pks/hashquery content-length: 24
> 
> Response from 176.241.243.15:11371
> 
>   
> 502 Proxy Error  Proxy Error 
> The proxy server received an invalid response from an upstream
> server. The proxy server could not handle the request  href="/pks/hashquery">POST /pks/hashquery. Reason:
> Error reading from remote server  
> Apache Server at keyserver.kolosowscy.pl Port
> 80 
> 
> 
> 
> 
> On 04/05/2014 04:21 AM, Jerzy Ko?osowski wrote:
>> Hi,
>> 
>> I added your server. My line to add:
>> 
>> keyserver.kolosowscy.pl 11370 # Jerzy Kolosowski 
>> 
>> 
>> Rgds,
>> 
>> Jerzy Ko?osowski
>> 
>> Dnia ?roda, 2 kwietnia 2014 05:50:52 Martin Papik pisze:
>>> Hi everyone,
>>> 
>>> I've just configured sks 1.1.1 (default on Ubuntu) on 
>>> sks-server.randala.com. The machine has IPv6 but SKS has not
>>> yet been assigned an address. I wonder, is there an advantage
>>> (e.g. in terms of peering)? The server is located in
>>> Germany/EU. For now I'm deploying
>> the
>>> server for R&D as a proxy for my private server (behind my
>>> ISPs randomized NAT).
>>> 
>>> You may contact me if you have further questions or for any
>>> issues, operational or otherwise.
>>> 
>>> Loaded from: http://keys.niif.hu/keydump/ [2014-03-31? ...
>>> köszönöm] Loaded: 3583821 keys
>>> 
>>> Line to add to /etc/sks/membership
>>> 
>>> sks-server.randala.com 11370
>>> 
>>> Thank you.
>>> 
>>> Martin
>>> 
>>> ___ Sks-devel
>>> mailing list Sks-devel@nongnu.org 
>>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>>> 
>>> 
>>> ___ Sks-devel
>>> mailing list Sks-devel@nongnu.org 
>>> https://lists.nongnu.org/mailman/listinfo/sks-devel
> 
> 
> 
> ___ Sks-devel mailing
> list Sks-devel@nongnu.org 
> https://lists.nongnu.org/mailman/listinfo/sks-devel
> 
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJTQAc1AAoJECAbDNi5hly1xZsP/33HxdOB3IR2xKVb611YHDCg
Sq4+bqrMystY4uN4tXIZY9n4QC7GzeXzX8Z84nfPrroNaWUeDsQVhO5Wj6fH0hOV
QSF3CruKigQEQOfhwZtto1y8bVAXrQtHyt28RNl8ogkwv99iIf+0uR6z

Re: [Sks-devel] SKS peering request [sks-server.randala.com]

[Martin Papik]

Thank you very much Jerzy, however I'm facing some problems. I wonder if 
you have any insight. I'm new to sks, but it seems to me that there 
might be an apache proxy intercepting the connections and interfering 
somehow. I don't see my server in 
http://keyserver.kolosowscy.pl:11371/pks/lookup?op=stats, but the sks 
servers are talking to each other on 11370 so I'm assuming there's some 
kind of asymmetric setup.


Any help would be appreciated.

Martin

In the log I see  (after incrementing http_fetch_size to 1000 to reduce 
the number of entries).


2014-04-05 08:43:40 address for keyserver.kolosowscy.pl:11370 changed 
from [] to [, [2002:b0f1:f30f::1]:11370>]
2014-04-05 08:44:06 6064 hashes recovered from [176.241.243.15]:11371>
2014-04-05 08:44:11 Requesting 1000 missing keys from [176.241.243.15]:11371>, starting with 0005AB14802673F046EC31CC93AC36DC
2014-04-05 08:44:11 Error getting missing keys: Failure("PUBLIC \"-//IETF//DTD HTML 2.0//EN\">")
2014-04-05 08:44:11 Requesting 1000 missing keys from [176.241.243.15]:11371>, starting with 29DF15D7EF250667DE9012CDF6891CE7
2014-04-05 08:44:11 Error getting missing keys: Failure("PUBLIC \"-//IETF//DTD HTML 2.0//EN\">")
2014-04-05 08:44:11 Requesting 1000 missing keys from [176.241.243.15]:11371>, starting with 54ABD9C187E4555DB2377ABFCD29D8B8
2014-04-05 08:44:11 Error getting missing keys: Failure("PUBLIC \"-//IETF//DTD HTML 2.0//EN\">")
2014-04-05 08:44:11 Requesting 1000 missing keys from [176.241.243.15]:11371>, starting with 7E819BE55160DDBD06E480F74F1D6017
2014-04-05 08:44:11 Error getting missing keys: Failure("PUBLIC \"-//IETF//DTD HTML 2.0//EN\">")
2014-04-05 08:44:11 Requesting 1000 missing keys from [176.241.243.15]:11371>, starting with A7E5518397DB6A961E9FB8B59C1391D6
2014-04-05 08:44:11 Error getting missing keys: Failure("PUBLIC \"-//IETF//DTD HTML 2.0//EN\">")
2014-04-05 08:44:12 Requesting 1000 missing keys from [176.241.243.15]:11371>, starting with D348A85B40F5C08C3CA2E9AB09EF2CB0
2014-04-05 08:44:12 Error getting missing keys: Failure("PUBLIC \"-//IETF//DTD HTML 2.0//EN\">")
2014-04-05 08:44:12 Requesting 64 missing keys from [176.241.243.15]:11371>, starting with FD40B34ECD8971CFCECF9E79D48772F0
2014-04-05 08:44:12 Error getting missing keys: Failure("PUBLIC \"-//IETF//DTD HTML 2.0//EN\">")


The tcpdump output contains (looks like HTTP 0.9, no host header in the 
request, no HTTP headers in the response).


Request to 176.241.243.15:11371

POST /pks/hashquery
content-length: 24

Response from 176.241.243.15:11371



502 Proxy Error

Proxy Error
The proxy server received an invalid
response from an upstream server.
The proxy server could not handle the request href="/pks/hashquery">POST /pks/hashquery.

Reason: Error reading from remote server

Apache Server at keyserver.kolosowscy.pl Port 80





On 04/05/2014 04:21 AM, Jerzy Ko?osowski wrote:

Hi,

I added your server. My line to add:

keyserver.kolosowscy.pl 11370 # Jerzy Kolosowski


Rgds,

Jerzy Ko?osowski

Dnia s'roda, 2 kwietnia 2014 05:50:52 Martin Papik pisze:

Hi everyone,

I've just configured sks 1.1.1 (default on Ubuntu) on
sks-server.randala.com. The machine has IPv6 but SKS has not yet been
assigned an address. I wonder, is there an advantage (e.g. in terms of
peering)? The server is located in Germany/EU. For now I'm deploying

the

server for R&D as a proxy for my private server (behind my ISPs
randomized NAT).

You may contact me if you have further questions or for any issues,
operational or otherwise.

Loaded from: http://keys.niif.hu/keydump/ [2014-03-31? ... köszönöm]
Loaded: 3583821 keys

Line to add to /etc/sks/membership

sks-server.randala.com 11370

Thank you.

Martin

___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel


___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel


___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] SKS peering request [sks-server.randala.com]

[Jerzy Kołosowski]

Hi,

I added your server. My line to add:

keyserver.kolosowscy.pl 11370 # Jerzy Kolosowski 


Rgds,

Jerzy Kołosowski

Dnia środa, 2 kwietnia 2014 05:50:52 Martin Papik pisze:
> Hi everyone,
> 
> I've just configured sks 1.1.1 (default on Ubuntu) on
> sks-server.randala.com. The machine has IPv6 but SKS has not yet been
> assigned an address. I wonder, is there an advantage (e.g. in terms of
> peering)? The server is located in Germany/EU. For now I'm deploying 
the
> server for R&D as a proxy for my private server (behind my ISPs
> randomized NAT).
> 
> You may contact me if you have further questions or for any issues,
> operational or otherwise.
> 
> Loaded from: http://keys.niif.hu/keydump/ [2014-03-31? ... köszönöm]
> Loaded: 3583821 keys
> 
> Line to add to /etc/sks/membership
> 
> sks-server.randala.com 11370
> 
> Thank you.
> 
> Martin
> 
> ___
> Sks-devel mailing list
> Sks-devel@nongnu.org
> https://lists.nongnu.org/mailman/listinfo/sks-devel


signature.asc
Description: This is a digitally signed message part.
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

[Sks-devel] SKS peering request [sks-server.randala.com]

[Martin Papik]

Hi everyone,

I've just configured sks 1.1.1 (default on Ubuntu) on 
sks-server.randala.com. The machine has IPv6 but SKS has not yet been 
assigned an address. I wonder, is there an advantage (e.g. in terms of 
peering)? The server is located in Germany/EU. For now I'm deploying the 
server for R&D as a proxy for my private server (behind my ISPs 
randomized NAT).


You may contact me if you have further questions or for any issues, 
operational or otherwise.


Loaded from: http://keys.niif.hu/keydump/ [2014-03-31? ... köszönöm]
Loaded: 3583821 keys

Line to add to /etc/sks/membership

sks-server.randala.com 11370

Thank you.

Martin

___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] SKS Peering Request

[Gabor Kiss]

> I have just set up a new key server and am looking for others to peer

Dear Klaus,

Your database is empty.
Load a keydump first.

BTW, Could you run a traceroute to keys.niif.hu?

Gabor

___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

[Sks-devel] SKS Peering Request

[Klaus-Uwe Mitterer]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi,

I have just set up a new key server and am looking for others to peer
with. Could you please add me to your membership file? I'll do the
same if you send me your details.

keys.klaus-uwe.me 11370 # Klaus-Uwe Mitterer 
0x8CEC4BD8

All the best
- -- 
Klaus-Uwe Mitterer

Email: i...@klaus-uwe.me (PGP: 0x8CEC4BD8)
XMPP (Jabber): kumitte...@klaus-uwe.me
Mobile: +43 660 1581476

*** DISCLAIMER ***
This document is only intended for the person to whom it is addressed.
If you have received it, it was obviously addressed to you. Therefore,
you are free to read it, even if I didn't mean to send it to you.
However, if the contents of this email sound gibberish to you, you
were probably not the intended recipient - or you're just a mindless
cretin. If either is the case, you should immediately delete yourself
and destroy your computer. After doing this, please contact me
immediately. Well, obviously you can't use your computer for this, as
you have destroyed it. Also, you deleted yourself. Sorry, I digress...

I am under no circumstances liable for the transmission of information
contained in this communication, except if I am its sender in which
case I am probably liable as I wrote it.

In case I didn't send this email to you, I sincerely apologize. Let me
invite you on a meat pie someday, maybe?

In case of non-receipt of this email, I do not take any
responsibility, because it means that either you or your email
provider or both use a Microsoft Windows operating system. You know
how glitchy that is, right? Nor will I accept any liability, tacit or
implied, for any damage you may or may not incur as a result of
receiving, or not, as the case may be, from time to time,
notwithstanding all liabilities implied or otherwise and... erm... you
know... whatever the case may be... IT WASN'T ME. YOU'RE MEAN.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJTJbbsAAoJEFHRUR+M7EvYd98QAL1aGinYSksULd8CQEA5oNqN
1f3u94SgZuUVpbwE7KnUdzVI2OUJpIIcC2iu5Qp6ie5DdoIkLrOUPQG7Bq2v6CdX
NiYAT9dUd5CZbHAbWWZ9sma0x6TKo1O8q7stH5db5cZRUy3RMwXzM0daWDMJdPk/
fGNtZQVJ7BoX5r/w8uUF9JfAa7GOhW+C5M1aEdcb8zWDLqmizs4KD5M2FpI2nKku
O7QBx8gxk2sIUWUnVOg+N1gL8TiqX3zpW9//2P7r+wERkNCDPPdTwwT+G4X4Bja+
bK+mSOe70QQjk3pfUkG557DG7nbos/eAYRajmZkwUA28zyTld1yhH7gfOOI9C17X
a3Puw2b3CAGZcP4x7q0f0AZYrd+nvJmdwdyNypFYRr8z0xdLwvfLFMHgzH65T0YA
tGWVian+CZ0NPdrRcrIwVP1MwexDSS3nUcjcMazgHQ0JOfffw0diVowT/tJdYVI/
MaKEzP98FqQGdoesRhoFpW+hxdcIYA+EdMLZwxYYrMuUB9DgLWr1GR5f9aTBHHcX
KiPjvQRTO/pPTZoLbwjxjaxpEQi2pGBaNuPjBFbfy8uv7tcYttvpGjmRY086LZfO
K+XYt8FXG84vAV6MGEp1e2ezVpyFDSmFnOv4psbrQ80Uk1bQ8U+qnMaYpK7KmNTj
iMtM0cCIuyLF4KBTwE0B
=+woR
-END PGP SIGNATURE-

___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

[Sks-devel] SKS peering request (pgpkeys.co.uk & pgpkeys.eu)

[Daniel Austin]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi,

Just doing my periodic request for additional peers on my SKS servers.

If you wish to peer, please add me to your membership file and drop me an
email with your details to add at this end.

I currently operate two SKS servers (in UK and FR), both are IPv4+IPv6
reachable.

membership file lines:

pgpkeys.co.uk 11370 # Daniel Austin  0x34A3662F837F2C28

pgpkeys.eu 11370 # Daniel Austin  0x34A3662F837F2C28



Thanks,

Daniel.

-BEGIN PGP SIGNATURE-
Version: Encryption Desktop 10.3.1 (Build 13100)
Charset: utf-8

wsFVAwUBUxxrtzmvNPSdqqOuAQoY6w//fhX9iEIbO/IL9+Ds+Z2BPwtjEo9iAAfu
0AA35LpqmDvoCxfIG77PiIO0Ro9R5mvvUfAvH2+1Epm8FkglCUwe44+DG9S748Aw
h1yJSfF2A/Qq1RJTQdtJ1xCcY9gLtbcTcy7nMPekOTq7UhfDJNIBqEkvd7f1tStl
inHnpilQzHYm/rSa5kJA6YgM5kTGlQUkrS3+K8oSUZ5iw/eY60ybojGlqJ4qADMg
llga+OWRGgd2z9mo7S5GUBmrQ/LX78VPP6ttyKFaSZ+2SkfDhYOvnd0+3AwjUwKQ
kqnUvA6sR1MyhEo0rQoQ37V8svyp3+3pxoWGy1u0xqGktIT9TV8fh1ShgGhvKgqA
IGkF248e1J6g9nctb4M8kCdEORfD0Rc/3frd82QF3E5n3SEmbBOlyGtjz5g4xhzi
Mqh5JZD8BvM0Q0VOGR9hlzTii4JxA7GUwTt0/H79fKu2msYQwrYV9B9EeRspEHTL
qLdTWFjqYPgm/DCTz0YGZ/H9YNQMsgLCrH79Ds6cRCH15hTfypT5Fzgt93Uh/iZ7
QrDSmMXjPSPYF8hZkC65G6eJ9cF23HtRqgU5Fmpa8zTfvrDm2NHrVld59gVqwhuz
rSeO2KPH0bpiy2+RcI6GRba148SvtkvblIqaKXtgZQZR3o9wbQL8Kw5ZTZ8rlzDL
2SLTvn3dWNU=
=aSUM
-END PGP SIGNATURE-

___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

[Sks-devel] SKS Peering Request

[Stuart McCulloch Anderson]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Afternoon Guys & Glaz,

After a long absence, NxFifteen is back in the show. My previous server 
couldn't

keep up with the demands I put upon it and the new machine is up and running.

sks.research.nxfifteen.me.uk 11370 # Stuart
McCulloch Anderson  A7EEB609

I've started fresh with a DB dump from Wednesday 27th February and am
ready to join
the peering network again.

As always yours Stu
... and if you have been, thanks for reading

stu...@nxfifteen.me.uk | http://nxfifteen.me.uk | +44-7787-432-476
OpenPGP FingerPrint|  299B6F75C137950F031F5DFAD4065F5EA7EEB609
   "I love you cause you join me in my madness"

ps: if you still have my old servers in your membership please remove
them (i dont think anyone does) research.nxfifteen.com
-BEGIN PGP SIGNATURE-
Version: APG v1.0.8

iQJOBAEBCAA4BQJRM34dMRxTdHVhcnQgTWNDdWxsb2NoIEFuZGVyc29uIDxzdHVh
cnRAbnhmaWZ0ZWVuLmNvbT4ACgkQ1AZfXqfutgnYKhAAobWIEHlDatCZgfkrwGZr
LiPOMA0k3caMFk4xDDGp5whDKBunKWJOOSX7bEmzi/k4TMjh9Howg5u8LM/jXPl6
38x3QpOIJApBBqlE+dWfJy+qZlrz6tPeKQT/1AcEp7Q5zdjLBBJGo0lanlzDV9VA
jg2p2gI/+Y0Tr7xCATjeVA2yszhh4vjYaY8CA1U9he9/yfdtQ4s0s7uqiEHYa85Y
L6+1+cVKJeXZqs6CAazucN0qoRlyErrT/zHlzEc85ZDUqKlO81djUusFU5A7lUgU
zQumS8ihrTdECBblaOhXRQbKE08tYrk7CHglU+lUnB5KR8Z6/oNDWC/yX7e3KTQR
4OonfbGqjE0MzA7erJMY15zDnc3bQHu0o9x14OgmLAAzBgwwo0x7Hvbf+nwuDbKf
IZk9x9CM7F0CtaBYmgxvinZ/DnnV9rnC7FpEUwaP3rPqFR4w6+VBBeaRiL3Uewwa
Df0jaZ6881PK1ahpToeU/63aYjntOX/pGRE25bEA+hfFsVoHb1mbAx5rdtXBBseC
+qa8ySmJn09xyI4uYLqoCgSWttA0UE6xUlInkNq8wuVzKbC8uh4+lqrqQrv/EnOV
8IIo77+2xqPF38p/C0HKtPNe+cSyIiR+a6WLUKXsW3IW/Znf0cIvKABSsoQu2Spb
Yc/a9cbhtQ94WTuDgjwZL1U=
=QO7k
-END PGP SIGNATURE-

As always yours Stu
... and if you have been, thanks for reading

stu...@nxfifteen.me.uk | http://nxfifteen.em.uk | +44-7787-432-476
***NxR***



___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

[Sks-devel] SKS Peering Request

[Ryan]

Ok I am back in the game after a long absence, The datacenter I was using 
shutdown and I changed homes several times until I brought everything in-house.

I am running two servers, membership reloads every hour
sks1.webtru.st 11370 # Ryan Hunt  74A771E1
sks2.webtru.st 11370 # Ryan Hunt  74A771E1

pgp.webtru.st is my dns-pool

pick one to peer with, or both.. let me know which. If you peer with both I'll 
only add you to one of my servers until both get caught up with network sync. 
(to avoid hammering your server)

Some info:
 - Both servers are running on separate yet identical hardware (Hex CPU 3.5GHz 
w/16GB RAM) 
 - Dedicated OpenVZ Container, each database has a dedicated 200GB partition on 
a 500MB/s HA-SAN..
 - Recon ports are public facing
 - hkp ports are internal behind a pair of redundant load balancers (HA-Proxy & 
CARP)
 - Uplink connection is 20Mbit downlink 100Mbit with HKP traffic in the highest 
priority QoS pool.

Everything seems to be working wonderfully, nice and quick.. just need to join 
the peering network.

Regards,
-Ryan Hunt
http://nayr.net

ps: if you still have my old servers in your membership please remove them (i 
dont think anyone does)
pgp.webtru.st
keys.nayr.net



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

RE: [Sks-devel] SKS peering

[Anakin-Marc Zaeger]

Feel free to add my server.  http://keyserver.nyfnet.net:11371

-A

...

-Original Message-
From:  
Sent: Tuesday, October 13, 2009 4:14 AM
To: sks-devel@nongnu.org
Subject: [Sks-devel] SKS peering


Hi,
I'm new to this mailing list.
My name is Gabriel David, but you can call me Gabi.
I have set up  a new sks which can be found at
http://sks.stsisp.ro:11371/. The server is running but write now I'm
looking to find some peers in order to fullfill my membership file and
also I want to find somebody who want to participate in a mailsync. I
prefaire to talk with the same peer(for gossip and email) if it is
possible.

Best regards,
Gabi.




___
Sks-devel mailing list
Sks-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/sks-devel


___
Sks-devel mailing list
Sks-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/sks-devel

[Sks-devel] SKS peering

[gdavid13]

Hi,
I'm new to this mailing list.
My name is Gabriel David, but you can call me Gabi.
I have set up  a new sks which can be found at
http://sks.stsisp.ro:11371/. The server is running but write now I'm
looking to find some peers in order to fullfill my membership file and
also I want to find somebody who want to participate in a mailsync. I
prefaire to talk with the same peer(for gossip and email) if it is 
possible.

Best regards,
Gabi.




___
Sks-devel mailing list
Sks-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/sks-devel