Re: [Sks-devel] Peers
> On 6 Apr 2017, at 23:13, Phil Pennock wrote: > > If the :11371 port is open to the world, to support roaming users, then > you're going to end up in the public pools anyway. Not quite true. You can avoid being added to the pools by intentionally failing one or more of the entry criteria. The safest (and easiest!) one to fail is the reverse proxy detection. You should always install a reverse proxy but if you don't configure the headers properly, the detector will think you didn't. Oops. A ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Peers
On 2017-04-05 at 23:30 +0200, Peter Sunde Kolmisoppi wrote: > Setting up a keyserver and looking for peers! > The machine is located in sweden and will be used for research and internal > pgp signing / checking, and not public facing. If the :11371 port is open to the world, to support roaming users, then you're going to end up in the public pools anyway. Every keyserver exports its status on a special URL, including a list of which services it peers with. Anyone can then spider the mesh and build lists of keyservers. This is how sks-keyservers.net does it and that pool is what keys.gnupg.net is aliased to. So either you'll need to not allow :11371 outside your network, or you'll need to arrange with pool operators to be manually excluded. The only pool operator I know of which is worth worrying about is sks-keyservers.net. -Phil ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Peers
On 06/04/17 09:37, Peter Sunde Kolmisoppi wrote: > Hey guys, > > thanks for that. Yeah, firewall holes for peers. The idea is (as I > told Andrew already so sorry for repeating) to do some privacy for > internal operations. We don’t want anyone we don’t know to be able > to log the lookups of keys for privacy reasons. We might put up a > public facing keyserver in the future but for now we’re also doing > some research, so any peers that wants to help would be much > appreciated. The more the merrier! Just curious, did you consider using tor or is this not possible? (I'll peer with you after all this, promise!) Andrew. signature.asc Description: OpenPGP digital signature ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Peers
> On 6 Apr 2017, at 00:32, Fabian A. Santiago > wrote: > > On April 5, 2017 6:08:05 PM EDT, Andrew Gallagher wrote: >> >>> On 5 Apr 2017, at 22:30, Peter Sunde Kolmisoppi >> wrote: >>> >>> Hey all! >>> >>> Setting up a keyserver and looking for peers! >>> The machine is located in sweden and will be used for research and >> internal pgp signing / checking, and not public facing. >> >> Out of curiosity, how are you going to recon if it's not public facing? >> Specific firewall holes for your peers? >> >> A >> >> ___ >> Sks-devel mailing list >> Sks-devel@nongnu.org >> https://lists.nongnu.org/mailman/listinfo/sks-devel > > Agreed, how? I'd peer with you but curious…. Hey guys, thanks for that. Yeah, firewall holes for peers. The idea is (as I told Andrew already so sorry for repeating) to do some privacy for internal operations. We don’t want anyone we don’t know to be able to log the lookups of keys for privacy reasons. We might put up a public facing keyserver in the future but for now we’re also doing some research, so any peers that wants to help would be much appreciated. The more the merrier! Best, Peter signature.asc Description: Message signed with OpenPGP ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Peers
On April 5, 2017 6:08:05 PM EDT, Andrew Gallagher wrote: > >> On 5 Apr 2017, at 22:30, Peter Sunde Kolmisoppi >wrote: >> >> Hey all! >> >> Setting up a keyserver and looking for peers! >> The machine is located in sweden and will be used for research and >internal pgp signing / checking, and not public facing. > >Out of curiosity, how are you going to recon if it's not public facing? >Specific firewall holes for your peers? > >A > >___ >Sks-devel mailing list >Sks-devel@nongnu.org >https://lists.nongnu.org/mailman/listinfo/sks-devel Agreed, how? I'd peer with you but curious -- Thanks. Fabian S. signature.asc Description: PGP signature ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Peers
> On 5 Apr 2017, at 22:30, Peter Sunde Kolmisoppi wrote: > > Hey all! > > Setting up a keyserver and looking for peers! > The machine is located in sweden and will be used for research and internal > pgp signing / checking, and not public facing. Out of curiosity, how are you going to recon if it's not public facing? Specific firewall holes for your peers? A ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] peers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, anyone willing to peer in Eu (Server in france). Kind Regards, Mike -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJWQUiRAAoJEOYwtpHNe8FmY38H/R0u+zAwnefNi9OsjJE2JEnp LBPlZAyo1CyADk67PvmAUBXfD2fgfp/+DOnlDwbZ+4KPx1cXwcQRZjAME4uWxr2j 1cV9pIdeV22BByekKw2C3vT9+UFRkbeT+cU1WnzPpLzcQaMAhGwhUGuXkN9WxbTI njW7GUmI5V9yvF/kl7xHl6jTMGmPwW93sCioUR7iX+N6Ir9zf2PRzfTNhi9n7jcq OxFAEC+kJxTS7GLZtrtuMHRmD4T16567tAlz+AvSouqEJK4yiZgMiezew7G8HvNW 4vLGt7r/y5XHhwrhGycgP13i0HiGarbH1fN21t3F2OMsRopwOPjc3/FJkOT0fpw= =8+7I -END PGP SIGNATURE- ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Peers required/offerred
Dan, I've added your info to our membership file. Please add us to yours. gpg.NebrWesleyan.edu 11370 # Timothy A. Holtzen 0xDABCB3D7 Timothy A. Holtzen Campus Network Administrator Nebraska Wesleyan University Public PGP key 0xDABCB3D7 On 02/06/2012 05:26 PM, Daniel Austin wrote: > Dear List, > > I've setup a new SKS keyserver, and i'm happy to peer with any other > servers who are interested. > I'm using a hostname I acquired long ago that's very fitting for the job. > The server is hosted on a fast, stable server with excellent > connectivity (both IPv4 and native IPv6 reachable) > > If you'd like to peer, please add me to your 'membership' file with > the following data, and let me know your details so I can do the same > here: > > pgpkeys.co.uk 11370 # Daniel Austin 0x7F003DE6 > > > > Thanks, > > Dan. > > > ___ > Sks-devel mailing list > Sks-devel@nongnu.org > https://lists.nongnu.org/mailman/listinfo/sks-devel signature.asc Description: OpenPGP digital signature ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Peers required/offerred
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Daniel Austin wrote, On 02/07/2012 09:17 AM: > pgpkeys.co.uk 11370 # Daniel Austin > 0x7F003DE6 Hi Daniel, I've added you to the membership file of keys2.kfwebs.net keys2.kfwebs.net 11370 # 0x6b0b9508 - -- - Kristian Fiskerstrand kristian.fiskerstr...@sumptuouscapital.com http://www.sumptuouscapital.com Twitter: @krifisk - Manus manum lavat One hand washes the other - This email was digitally signed using the OpenPGP standard. If you want to read more about this The book: Sending Emails - The Safe Way: An introduction to OpenPGP security is now available in both Amazon Kindle and Paperback format at http://www.amazon.com/dp/B006RSG1S4/ - Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/ -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iQIcBAEBCAAGBQJPMX/QAAoJEBbgz41rC5UI8j0QAKoU1EBPOPzucZvqYBWoqbS3 DOn5/VX/wQkK5uVp0kxUpxTTCdY0VsetRp8yvNrld77/QJe160Vl8HyoErEYSjH5 Bpex6XcRQ07QKNCB6gLSEG8tPGJ3y1w9JjidYlJFtE9JAgKgE7O+uCLYgO1nxJVJ wx5HiOcJJrP5i/4tmcfYqfrPGZm37Z+281k9h25z7KveUL0iDdVR28DxSwhOQCt8 JKw7m1uJUWBLj0WW5JBbtep6N+51ZYlrtzRi9DhMnem5S4CBCKUWelh9HaqulQ51 RaasA486LjgrHTnW4ckHEpkVBUoSx1r/cgxy/M4avGx7EJ64IjTN8eKefgGavaGG 9Uk/JoOTwr7kCQNpAh38xEu2g7nxs5uVMUdZkSuB3rgEJh0HM4rswJynf4l8ySQS dVzmTRG3hQ1sKRM66ETV2hh/N8uWm/m6n694Hvo5SOWMOyKBigm4w3m2X4LMx/0B Hq81Mb5ESP95SINUItSUF4CLq3C/nucd91UD6kStGmLnSu0UWZiDqY2A8MDans7L 26+nWJ/2m+b93GmxeiyBi01SeY+iB0YiFxJERu/VE1xVuezXU+GAgRZSiQMzptJH 3IWWJmY/WnZSdjNaEN9PFoJQLNt5s4mTvRQMLe0dPHc51cvSeUigDqzlmDgw0jVM 1TDAK05UqiWBz2R1ydyu =VaUl -END PGP SIGNATURE- ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Peers
On Thu, Apr 28, 2005 at 10:50:49AM +0930, Darryl Ross wrote: > I've just rebuilt keyserver.afoyi.com from scratch on a fedora core 3 > machine. The problem I was having in regards to being approximately > 14,000 keys short compared to the other keyservers seems to have been > fixed in the rebuild. Good, but would you believe that sks.keyserver.cardboard.net seems to have the same problem? I'm curious to see the output of: %db_stat -d ./KDB/keyid %db_stat -d ./KDB/key whenever this happens. -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? [EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004 pgpUb4wKyHxc6.pgp Description: PGP signature ___ Sks-devel mailing list Sks-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/sks-devel