Re: [Sks-devel] pool.sks-keyservers.net issues (was: Questions about OpenPGP best practices)

2013-02-27 Thread Niels Laukens
Apologies for cross-posting to both mailing lists, but since I got replies via both ways I feel this is the easiest way to sync them. On 2013-02-26 10:21, kristian.fiskerstr...@sumptuouscapital.com wrote: I would indeed like to get more feedback on the pools. My first question is whether you

Re: [Sks-devel] Peering wiki text updated

2013-02-27 Thread Stephan Seitz
Hi Phil, If someone has a current good example of Apache config for this, we should add that too. this is how my apache proxies requests to sks: VirtualHost MY-KEYSERVER-IP:11371 ServerName MY-KEYSERVER-HOSTNAME ServerAlias pool.sks-keyservers.net ServerAlias

Re: [Sks-devel] Peering wiki text updated

2013-02-27 Thread Kristian Fiskerstrand
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 02/27/2013 09:08 PM, Stephan Seitz wrote: Hi Phil, If someone has a current good example of Apache config for this, we should add that too. Hi Stephan, Are the ServerAliases strictly necessary for a port binding to 11371? Presumably

Re: [Sks-devel] Peering wiki text updated

2013-02-27 Thread Daniel Kahn Gillmor
On 02/27/2013 12:36 PM, Kristian Fiskerstrand wrote: Are the ServerAliases strictly necessary for a port binding to 11371? Presumably you're not using canonical names to determine the service. If the aliases really are necessary, keep in mind that some pools are using a CNAME to

Re: [Sks-devel] Fwd: sks-keyserver unavailable

2013-02-27 Thread Kristian Fiskerstrand
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 02/26/2013 11:17 PM, Phil Pennock wrote: On 2013-02-26 at 11:16 +0100, Niels Laukens wrote: I'm having trouble getting keys of the pools on sks-keyservers.net. I've just retried with the suggested debug-option with following result: Okay,

Re: [Sks-devel] Peering wiki text updated

2013-02-27 Thread Phil Pennock
On 2013-02-27 at 21:08 +0100, Stephan Seitz wrote: this is how my apache proxies requests to sks: I see that the Server: header from SKS is being preserved in your setup; is the Via header also automatically derived? Did you want to put in anything just to say Apache? I've put this into the

Re: [Sks-devel] Peering wiki text updated

2013-02-27 Thread John Clizbe
Phil Pennock wrote: If someone has a current good example of Apache config for this, we should add that too. Using this on both servers, ports 80 11371 VirtualHost *:11371 ServerName keyserver.example.net ServerAlias pool.sks-keyservers.net *.pool.sks-keyservers.net

Re: [Sks-devel] pool.sks-keyservers.net issues (was: Questions about OpenPGP best practices)

2013-02-27 Thread Phil Pennock
On 2013-02-27 at 10:57 +0100, Niels Laukens wrote: Apologies for cross-posting to both mailing lists, but since I got replies via both ways I feel this is the easiest way to sync them. Current status: Kristian and I have debugged and he found the core issue. If I load down my server, we can