Re: [Sks-devel] HKP Spec Progress

2015-01-11 Thread David Shaw
On Jan 11, 2015, at 2:03 AM, Gabor Kiss wrote: > >> I'm unable to find any updates beyond the original draft of >> the OpenPGP HTTP Keyserver Protocol (HKP)[1]. Since the sks >> keyservers are based on this protocol, are there any plans >> on making progress in its adoption. It's been over 11 yea

Re: [Sks-devel] HKP Spec Progress

2015-01-11 Thread David Shaw
On Jan 10, 2015, at 7:29 PM, Daniel Roesler wrote: > I'm unable to find any updates beyond the original draft of > the OpenPGP HTTP Keyserver Protocol (HKP)[1]. Since the sks > keyservers are based on this protocol, are there any plans > on making progress in its adoption. It's been over 11 years,

Re: [Sks-devel] acceptable search input format

2014-06-05 Thread David Shaw
On Jun 4, 2014, at 4:52 AM, kwadronaut wrote: > Hi, > > I noticed that the search for keys in the web frontend is picky in its > input. Some that should work (in my opinion) don't. I double checked > with 'How to specify a uid' in gnupg's documentation [1]. Is there any > rationale to limit the se

Re: [Sks-devel] SKS should not accept or replay non-exportable certifications

2013-09-15 Thread David Shaw
On Sep 14, 2013, at 1:51 AM, John Clizbe wrote: > I agree with Werner and Dave Shaw that you are wrong. If you are so convinced > you are correct, post, with _ALL_ the particulars not just those that support > your stance, to the IETF-OpenPGP list and get their opinion. To be clear, the thing I

Re: [Sks-devel] Wrong key fetched?

2013-01-25 Thread David Shaw
On Jan 25, 2013, at 2:41 PM, Christoph Egger wrote: > John Clizbe writes: >> Christoph Egger wrote: >>> Something weird happening when fetching 0xE33EC63DF983 -- it gets >>> 0x9CDF568F which doesn't even have a subkey called 0xE33EC63DF983 as >>> far as I can see. Anyone knows what's g

Re: [Sks-devel] SRV records and HKPS requests

2012-12-07 Thread David Shaw
On Dec 7, 2012, at 2:40 AM, Phil Pennock wrote: > On 2012-12-05 at 23:32 -0500, David Shaw wrote: >> It's working, it's just misleading since the SRV replacement happens >> after the debug logging so the actual URL that is hit is not the one >> that is being logge

Re: [Sks-devel] SRV records and HKPS requests

2012-12-05 Thread David Shaw
On Dec 3, 2012, at 2:00 AM, Phil Pennock wrote: > On 2012-12-02 at 23:46 -0500, David Shaw wrote: >> Hmm. Were you intending to test with the internal HTTP support or >> with libcurl? You're currently built with internal support: > > Ah. I couldn't tell

Re: [Sks-devel] SRV records and HKPS requests

2012-12-02 Thread David Shaw
On Dec 2, 2012, at 7:59 PM, Phil Pennock wrote: > On 2012-12-02 at 10:23 -0500, David Shaw wrote: >> On Oct 6, 2012, at 10:20 PM, Phil Pennock >> wrote: >>> GnuPG folks (since this is cross-posted, if my mail makes it through): >>> >>> there is a bu

Re: [Sks-devel] SRV records and HKPS requests

2012-12-02 Thread David Shaw
On Oct 6, 2012, at 10:20 PM, Phil Pennock wrote: > GnuPG folks (since this is cross-posted, if my mail makes it through): > > there is a bug in GnuPG's SRV handling, I've identified where I think > it is, it's in the second block of text from me; the first part of this > mail relates to SKS and

Re: [Sks-devel] 16-digit keyid with machine-readable output

2012-10-25 Thread David Shaw
On Oct 25, 2012, at 7:25 PM, John Clizbe wrote: > David Shaw wrote: >> On Oct 25, 2012, at 4:50 PM, John Clizbe wrote: > >>> Kristian and I were discussing this exact item yesterday. From my reading >>> of [1], I think 16-digit key IDs should be returned in the mr

Re: [Sks-devel] 16-digit keyid with machine-readable output

2012-10-25 Thread David Shaw
On Oct 25, 2012, at 4:50 PM, John Clizbe wrote: > Phil Pennock wrote: >> On 2012-10-25 at 12:42 -0700, k clair wrote: >>> I can't find anywhere that this is documented: Is there a way to >>> get the machine-readable output of a search to return the 16-digit >>> keyid rather than the 8-digit key

Re: [Sks-devel] dealing with misplaced signatures

2012-08-01 Thread David Shaw
On Aug 1, 2012, at 1:29 PM, Daniel Kahn Gillmor wrote: > On 08/01/2012 01:12 PM, David Shaw wrote: >> My point is that if you expect GPG to be able to fix a broken key, you need >> to pass back all the data, or GPG has nothing to work from. > > well, you could expect th

Re: [Sks-devel] dealing with misplaced signatures

2012-08-01 Thread David Shaw
On Aug 1, 2012, at 12:33 PM, Daniel Kahn Gillmor wrote: > On 08/01/2012 12:44 AM, David Shaw wrote: >> hiding the packets is potentially harmful. [...] >> hiding the packets from GPG prevents this repair from happening. >> After all, if GPG doesn't get the packets,

Re: [Sks-devel] dealing with misplaced signatures

2012-07-31 Thread David Shaw
On Jul 31, 2012, at 6:04 PM, Kristian Fiskerstrand wrote: > On 2012-07-31 23:29, David Shaw wrote: > >> What's happening here is that the key is mangled on SKS (whether SKS >> mangled it or it was imported already mangled doesn't matter). GPG >> fetches

Re: [Sks-devel] Keys over NNTP

2012-05-28 Thread David Shaw
On May 28, 2012, at 3:14 AM, Kiss Gabor (Bitman) wrote: >> It is like news server operation. New servers are completely independent. >> It is always the matter of local policy what newsgroups and what articles >> are received and sent from/to what peer partners. Accepting centralized >> control me

Re: [Sks-devel] Fwd: [Announce] GnuPG 1.4.12 released

2012-01-30 Thread David Shaw
On Jan 30, 2012, at 2:34 PM, User1001 wrote: > HKP is no longer in use? HKP is still in use. One of the requirements of the old PKSD keyserver was that it could only search for short (8 digit) key IDs. Even if the user searched for a full fingerprint, GPG would have to chop it down and only s

Re: [Sks-devel] IPv6 peering; keydumps annoyingly large

2011-06-02 Thread David Shaw
On Jun 2, 2011, at 1:22 AM, Matthew Palmer wrote: > On Thu, Jun 02, 2011 at 01:06:35AM -0400, Robert J. Hansen wrote: >>> reviewing, testing, and deploying a significant change to the architecture >>> of the SKS keyserver network... >> >> It should be noted, incidentally, that these changes would

Re: [Sks-devel] IPv6 peering; keydumps annoyingly large

2011-06-01 Thread David Shaw
On Jun 1, 2011, at 6:06 PM, Scott Grayban wrote: > David Shaw said the following on 06/01/2011 02:45 PM: >> On Jun 1, 2011, at 1:14 PM, Xian Stannard wrote: >> >> >>> I can see that it is bad to lose keys that are in use, but why must >>> every key from

Re: [Sks-devel] IPv6 peering; keydumps annoyingly large

2011-06-01 Thread David Shaw
On Jun 1, 2011, at 1:14 PM, Xian Stannard wrote: > I can see that it is bad to lose keys that are in use, but why must > every key from day zero be kept? The deletion need not be prohibitive of > the key being uploaded again: that could trigger it to be re-propagated. One danger is that a revoke

Re: [Sks-devel] IPv6 peering; keydumps annoyingly large

2011-06-01 Thread David Shaw
On Jun 1, 2011, at 2:09 PM, Scott Grayban wrote: > Maybe I'm the rookie here but not a linux "rookie", I have been using > linux for the past 15 years, just google my name, and I always run into > the group that would rather take the "easiest way" and ignore an issue > that is bound to come up. >

Re: [Sks-devel] pool.sks-keyservers.net in seahorse

2011-03-29 Thread David Shaw
On Mar 29, 2011, at 6:09 PM, Javier Henderson wrote: > >> >> I assume you've read the VMware guide to time sync issues? I've found it >> helpful when I had similar issues, but not helpful enough. In one case, the >> clock was slipping enough that the recommended kernel timing parameters and

Re: [Sks-devel] pool.sks-keyservers.net in seahorse

2011-03-29 Thread David Shaw
On Mar 29, 2011, at 2:30 PM, Jonathon Weiss wrote: > Following up to several different people on this recent thread: > > 1) I support the move from pgp.mit.edu to a pool address, as the default > configuration for pgp clients. I'm not any happier with my server > being a single point of fail

Re: [Sks-devel] pool.sks-keyservers.net in seahorse

2011-03-29 Thread David Shaw
On Mar 29, 2011, at 2:06 PM, Daniel Kahn Gillmor wrote: > On 03/29/2011 01:53 PM, Phil Pennock wrote: >> On 2011-03-29 at 12:14 -0400, Daniel Kahn Gillmor wrote: >>> I don't use seahorse regularly, but i recently convinced them to replace >>> (old, broken, non-syncing) pgp.mit.edu with a pointer t

Re: [Sks-devel] pool.sks-keyservers.net in seahorse

2011-03-29 Thread David Shaw
On Mar 29, 2011, at 1:53 PM, Phil Pennock wrote: > On 2011-03-29 at 12:14 -0400, Daniel Kahn Gillmor wrote: >> I don't use seahorse regularly, but i recently convinced them to replace >> (old, broken, non-syncing) pgp.mit.edu with a pointer to >> pool.sks-keyservers.net: > > Uhm, the pgp.mit.edu

Re: [Sks-devel] Hardware Issue / Kristian

2011-03-18 Thread David Shaw
On Mar 18, 2011, at 1:04 PM, Sebastian Urbach wrote: > Hi, > > Kristian is expecting to have working hardware on sunday morning. Would it be worth setting up a bunch of DNS slaves for the main sks-keyservers.net? With a sufficiently long timeout, we could then survive an extended outage witho

Re: [Sks-devel] 2 out of 10 pool.sks-keyservers.net not responding to pings

2010-11-29 Thread David Shaw
On Nov 29, 2010, at 3:55 PM, Daniel Kahn Gillmor wrote: > From where i sit, 2 out of 10 of the servers returned by > pool.sks-keyservers.net are not responding to ICMP echo requests (pings): > > 193.174.13.74 (pgpkeys.pca.dfn.de) > 94.46.216.2 (sks.5coluna.com) > > Given that the machines do

Re: [Sks-devel] SKS, Content-Length and HEAD requests

2010-11-03 Thread David Shaw
On Nov 2, 2010, at 5:45 PM, Jonathan Oxer wrote: > On Tue, 2010-11-02 at 13:20 -0400, Phil Pennock wrote: >> On 2010-11-02 at 16:20 +0100, Marian Kechlibar wrote: >>> The main principle would be to issue a HEAD request first, instead of >>> a GET request. > >> You've just added an extra round tri

Re: [Sks-devel] keyserver.pramberger.at terminating

2010-09-07 Thread David Shaw
On Sep 7, 2010, at 5:04 PM, Matthew Wilcox wrote: > On Tue, Sep 07, 2010 at 10:40:40PM +0200, Johan van Selst wrote: >> That makes perfect sense. But still, there is nothing preventing this >> user (or anyone else) from harassing other keyserver maintainers and >> demanding key removal everywhere.

Re: [Sks-devel] seeking peers for keyserver.durcheinandertal.ch

2010-09-07 Thread David Shaw
On Sep 7, 2010, at 3:21 AM, Gaudenz Steinlin wrote: > Excerpts from Phil Pennock's message of Die Sep 07 03:26:37 +0200 2010: >> On 2010-09-06 at 21:03 +0200, Gaudenz Steinlin wrote: >>> I would be interested to build up a pool of TLS enabled SKS servers >>> with others. To my knowledge there are

Re: [Sks-devel] new keyserver online

2010-08-22 Thread David Shaw
On Aug 22, 2010, at 9:27 AM, Robert J. Hansen wrote: > While I concur with you, Christoph, there's one minor error that should > probably be corrected: > >> No keyserver is a CA... > > Most keyservers are CAs, in that the people who run the keyservers have > signed other people's keys. Robert,

Re: [Sks-devel] APG

2010-07-01 Thread David Shaw
On Jul 1, 2010, at 11:36 PM, Jeff Johnson wrote: > > On Jul 1, 2010, at 10:55 PM, John Clizbe wrote: >> >> as well as http://ietfreport.isoc.org/idref/draft-shaw-openpgp-hkp/ >> > > > Which reminds me ... > > There are _LOTS_ of advantages to hkp:// lookup through > SKS keyservers: easy to im

Re: [Sks-devel] LDAP back-end

2010-06-20 Thread David Shaw
On Jun 20, 2010, at 3:48 PM, Joseph Oreste Bruni wrote: > GnuPG supports an LDAP interface directly without needing to use SKS. If you > are using OpenLDAP the schema extensions can be found easily enough. I did > this for a small, private key server in my company for awhile until my needs > ou

Re: [Sks-devel] Anyone syncing with PGP.com keyserver ?

2010-06-20 Thread David Shaw
On Jun 20, 2010, at 9:43 AM, Francisco Jesus Monserrat Coll wrote: > > > > Hello, > > I'd just realized that the SKS PGP-keyservers seems to be not synchronized > with the PGP.com keyserver (keyserver.pgp.com) , a college submit his key > to the keyserver.pgp.com last week (he was using the c

[Sks-devel] Crypto domain auction ends tonight!

2010-06-07 Thread David Shaw
Hi everyone, The crypto domain auction has done better than I expected, and we've raised $185 for the FSF/FSFE. At 8pm US/Eastern (midnight GMT) tonight, the auction will close and I will notify the winners shortly afterwards. If anyone wants to grab a domain, now is your chance. See http://

[Sks-devel] Crypto domains for auction to benefit FSF and FSFE

2010-05-24 Thread David Shaw
Hi everyone, I have a few crypto-related domain names that I bought a few years ago for one project or another. I've been sitting on the domains for a while, but they're not really doing anyone any good like that. So, rather than just letting them expire and be snapped up by link farms, I tho

[Sks-devel] Crypto-related domain name auction to benefit FSF and FSFE

2010-05-18 Thread David Shaw
Hi everyone, I have a few crypto-related domain names that I bought a few years ago for one project or another. (Among other ideas, I had once thought to set up a 'who will sign my PGP key?' exchange, but then biglumber.com did it so well, there was little point in doing it all over again). I

Re: [Fwd: Re: [Sks-devel] Alternative to round-robin (was Re: pool.sks-keyservers.net having trouble?)]

2010-04-06 Thread David Shaw
On Apr 6, 2010, at 3:17 PM, Jeff Johnson wrote: > > On Apr 6, 2010, at 2:37 PM, David Shaw wrote: >> >> Just rig it up similarly to how DNS does it. Rank things in order of >> performance, and then artificially penalize the fastest ones on each >> iteration unt

Re: [Fwd: Re: [Sks-devel] Alternative to round-robin (was Re: pool.sks-keyservers.net having trouble?)]

2010-04-06 Thread David Shaw
On Apr 6, 2010, at 2:28 PM, Jeff Johnson wrote: > > On Apr 6, 2010, at 1:43 PM, David Shaw wrote: > >> On Apr 5, 2010, at 5:01 PM, Kristian Fiskerstrand wrote: >> >>> I also did some minor fiddling around with the priorities. It still >>> only returns a

Re: [Fwd: Re: [Sks-devel] Alternative to round-robin (was Re: pool.sks-keyservers.net having trouble?)]

2010-04-06 Thread David Shaw
On Apr 5, 2010, at 5:01 PM, Kristian Fiskerstrand wrote: > I also did some minor fiddling around with the priorities. It still > only returns a limited amount of records (currently 10), but those with > a higher weight are always prioritized in the selection as well. > > Feel free to come with i

Re: [Fwd: Re: [Sks-devel] Alternative to round-robin (was Re: pool.sks-keyservers.net having trouble?)]

2010-04-05 Thread David Shaw
On Apr 5, 2010, at 4:04 PM, Kristian Fiskerstrand wrote: > David Shaw wrote, On 04/05/2010 09:25 PM: >> On Apr 1, 2010, at 12:30 AM, Jonathan Oxer wrote: >> >>> On Thu, 2010-04-01 at 00:13 -0400, Daniel Kahn Gillmor wrote: >>> >>> Sorry I can't ans

[Sks-devel] Alternative to round-robin (was Re: pool.sks-keyservers.net having trouble?)

2010-04-05 Thread David Shaw
On Apr 1, 2010, at 12:30 AM, Jonathan Oxer wrote: > On Thu, 2010-04-01 at 00:13 -0400, Daniel Kahn Gillmor wrote: > > Sorry I can't answer your other questions, but I just had a look in > db.log and found ... > >> * How often >> do you see queries? > > ...about 10k queries / day to keys.keysign

Re: [Sks-devel] pool.sks-keyservers.net having trouble?

2010-04-05 Thread David Shaw
On Apr 1, 2010, at 1:13 AM, Daniel Kahn Gillmor wrote: > Hi Ryan-- > > On 04/01/2010 12:45 AM, Ryan wrote: >> Couple thoughts, first of all if you have several >> machines doing regular queries you might look into running >> a local keyserver for your servers to sync off of.. if that's >> not a po

Re: [Sks-devel] Re: hkp

2009-10-15 Thread David Shaw
On Oct 15, 2009, at 6:55 PM, John Clizbe wrote: [cc to sks-devel as this may be a SKS issue] Matthias Fuchs wrote: Hi, Not sure if that is the correct ml, if not sorry in advance. I don't want to use hkp, but rather http e.g. http://stinkfoot.org:11371/pks/lookup?op=get&search=0x517D0F0E h

Re: Service discovery (was Re: [Sks-devel] pool.sks-keyservers.net DNS unresponsive?)

2009-07-06 Thread David Shaw
On Jul 6, 2009, at 3:06 PM, Daniel Kahn Gillmor wrote: On 07/06/2009 12:04 PM, David Shaw wrote: On the subject of the various "pool" keyserver addresses, I'm working on (re) adding SRV support to GPG using DNS service discovery. Excellent news, thank you David! Are you

Re: [Sks-devel] [Fwd: Re: pgp.mit.edu upgrading to SKS]

2009-07-06 Thread David Shaw
On Jul 3, 2009, at 2:49 PM, Jason wrote: On Fri, Jul 03, 2009 at 01:37:59PM -0500, John Clizbe wrote: Date: Fri, 03 Jul 2009 11:00:23 +0200 From: Werner Koch To: John Clizbe References: <20090702134246.gs...@rwpc12.mby.riverwillow.net.au> <87zlbn6t3z@wheatstone.g10code.de> <4a4d0816.1060

Service discovery (was Re: [Sks-devel] pool.sks-keyservers.net DNS unresponsive?)

2009-07-06 Thread David Shaw
On Jul 2, 2009, at 11:31 PM, Phil Pennock wrote: On 2009-07-02 at 14:00 -0400, Daniel Kahn Gillmor wrote: I appear to be getting no A records for pool.sks-keyservers.net. this seems like a Bad Thing. is anyone else seeing this? it's forcing my nameservice resolution to fall back to IPv6,

Re: [Sks-devel] pgp.mit.edu upgraded to SKS

2009-07-03 Thread David Shaw
On Jul 3, 2009, at 5:24 AM, Peter Pramberger wrote: Am Fr, 3.07.2009, 09:06, schrieb John Clizbe: I've attached a tarball of my dev copy. It's Peter's 0.8.2 with a couple patches to put an extracted key into own attachment and some mime-type tweaks. Also included are additional translations for

Re: [Sks-devel] pgp.mit.edu upgraded to SKS

2009-07-02 Thread David Shaw
On Jul 2, 2009, at 6:04 PM, Jonathon Weiss wrote: Hello All, I know this has already been mentioned here, but consider this the official announcement. Approximately 24 hours ago pgp.mit.edu was upgraded from an old sun box running PKS to new linux VM running SKS. I'm very excited that we are

Re: [Sks-devel] Can SKS cope with the same key (and same fingerprint) in two different roles?

2009-05-22 Thread David Shaw
On May 22, 2009, at 1:36 PM, Daniel Kahn Gillmor wrote: On 05/22/2009 01:31 PM, David Shaw wrote: I think it's not valid because the subkey expired in 2006. but the keyservers suggest that 1E88BF71 is valid until 2013-04-14, based on the most-recent subkey binding sig:

Re: [Sks-devel] Can SKS cope with the same key (and same fingerprint) in two different roles?

2009-05-22 Thread David Shaw
On May 22, 2009, at 1:20 PM, Daniel Kahn Gillmor wrote: On 05/15/2009 03:36 PM, David Shaw wrote: On May 15, 2009, at 10:09 AM, Daniel Kahn Gillmor wrote: Has anyone tested this? do you foresee any problems should such a pair of keys be injected into the SKS pool? This is not exactly

Re: [Sks-devel] Can SKS cope with the same key (and same fingerprint) in two different roles?

2009-05-15 Thread David Shaw
On May 15, 2009, at 10:09 AM, Daniel Kahn Gillmor wrote: Has anyone tested this? do you foresee any problems should such a pair of keys be injected into the SKS pool? This is not exactly common, but there are a few keys like this stored in SKS already. See keys 3D7D41E3 and D9F57808 for an

Re: [Sks-devel] keyserver verification of revocation certificates (gpg --keyserver-options include-revoked)

2009-04-24 Thread David Shaw
On Apr 24, 2009, at 7:25 PM, Daniel Kahn Gillmor wrote: I was just reading gpg(1) and i noticed this section within --keyserver-options: include-revoked When searching for a key with --search-keys, include keys that are marked on the keyserver as revo

Re: [Sks-devel] problems with SKS 1.0.10 when searching by key ID from GnuPG

2009-03-23 Thread David Shaw
; > correctly, or 1.0.9? > > So far i haven't heard anyone claim that 1.0.10 works correctly. 1.1.0 > works correctly, and david shaw just pointed out that 1.0.9 works > correctly. I believe 1.0.10 is the only version with this particular bug. That is my understanding as w

Re: [Sks-devel] problems with SKS 1.0.10 when searching by key ID from GnuPG

2009-03-23 Thread David Shaw
On Sun, Mar 22, 2009 at 07:41:50PM -0400, Daniel Kahn Gillmor wrote: > On 03/22/2009 06:41 PM, David Shaw wrote: > > The 'exact=on' problem is specific to 1.0.10. It worked properly in 1.0.9. > > > > See: http://www.mail-archive.com/sks-devel@nongnu.org/msg002

Re: [Sks-devel] problems with SKS 1.0.10 when searching by key ID from GnuPG

2009-03-22 Thread David Shaw
On Mar 22, 2009, at 11:08 AM, Daniel Kahn Gillmor wrote: This makes me think that what we're seeing is a bug in older versions of SKS that could cause serious incompatibilities. The reason i found it was a report from a user who was having difficulty searching for keys from the keyservers by

Re: [Sks-devel] keyserver.gingerbear.net: Dynamic IP Update didn't

2009-03-13 Thread David Shaw
On Fri, Mar 13, 2009 at 01:00:42PM -0400, Daniel Kahn Gillmor wrote: > I'm confident in this instance that your message is correct and > reasonable. But in combination with the recently-raised concerns about > misbehaving peers being able to cause massive memory overconsumption for > sks instance

Re: [Sks-devel] IPv6 and GPG

2009-03-13 Thread David Shaw
On Tue, Mar 10, 2009 at 10:48:46PM -0700, Phil Pennock wrote: > With the attached patch against gnupg-1.4.9, the key retrieval works. > It's just a matter of handling IP address literals in square brackets. Ah, right. I did do a conversion to using getaddrinfo a few years ago for IPv6 support, b

Re: [Sks-devel] IPv6 and GPG

2009-03-10 Thread David Shaw
On Tue, Mar 10, 2009 at 12:53:09PM -0700, Phil Pennock wrote: > > If you really need to know what IP is being used, add > > "keyserver-options debug" to your config file. That tells the engine > > (either curl or the internal engine) to print each IP it tries during > > a key operation. > > Tha

Re: [Sks-devel] IPv6 and GPG

2009-03-10 Thread David Shaw
On Mon, Mar 09, 2009 at 02:49:52PM -0700, Phil Pennock wrote: > On 2009-03-09 at 09:19 -0400, David Shaw wrote: > > What with the recent discussion of IPv6, I'm curious if anyone has > > tested GPG against it for key retrieval and submission. It should > > "j

Re: [Sks-devel] details to configure SKS https web interface

2009-03-10 Thread David Shaw
On Mar 10, 2009, at 9:28 AM, Christoph Anton Mitterer wrote: On Mon, 2009-03-09 at 09:52 -0400, David Shaw wrote: We may end up with "hkps" on port 11372 just for lack of support for doing anything else. One should not use port numbers from the registered port numbers area,... i

[Sks-devel] IPv6 and GPG

2009-03-09 Thread David Shaw
What with the recent discussion of IPv6, I'm curious if anyone has tested GPG against it for key retrieval and submission. It should "just work" with the curl backend, but when GPG is built on a system without curl, an internal HTTP handler is used instead. I believe this handler code sho

Re: [Sks-devel] details to configure SKS https web interface

2009-03-09 Thread David Shaw
On Mar 8, 2009, at 3:50 PM, Daniel Kahn Gillmor wrote: On 03/07/2009 09:37 PM, David Shaw wrote: On Mar 7, 2009, at 7:30 PM, Daniel Kahn Gillmor wrote: We also are listening on port 11372 because this seems to be the choice of gnupg maintainers for hkp-over-tls (hkps?), according to this

Re: [Sks-devel] details to configure SKS https web interface

2009-03-08 Thread David Shaw
On Mar 8, 2009, at 3:13 AM, Kiss Gabor (Bitman) wrote: On Sat, 7 Mar 2009, Daniel Kahn Gillmor wrote: On 03/07/2009 03:03 PM, Joseph Oreste Bruni wrote: On Mar 7, 2009, at 8:11 AM, Gab wrote: I wish to in https ssl the sks web interface . What are the directives for cert.pem and key.pem and t

Re: [Sks-devel] details to configure SKS https web interface

2009-03-07 Thread David Shaw
On Mar 7, 2009, at 7:30 PM, Daniel Kahn Gillmor wrote: We also are listening on port 11372 because this seems to be the choice of gnupg maintainers for hkp-over-tls (hkps?), according to this recent (as yet unreleased) patch to gpg: http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/branches/STABLE-B

Re: [Sks-devel] Ports used by sks

2009-02-03 Thread David Shaw
On Feb 3, 2009, at 9:05 AM, Christoph Anton Mitterer wrote: On Tue, 2009-02-03 at 08:35 -0500, David Shaw wrote: Port 11370 is not user visible. Portnumbers aren't just for end user visible standard-ports... Look, I give up. You really really want to register it. It's cool to

Re: [Sks-devel] Ports used by sks

2009-02-03 Thread David Shaw
On Feb 3, 2009, at 2:00 AM, Andy Ruddock wrote: David Shaw wrote: On Feb 2, 2009, at 7:30 PM, Christoph Anton Mitterer wrote: Also, isn't the port changeable on a per-peer basis in SKS? If so, there is no point in registering the port at all, as setting up a new peer is a manual oper

Re: [Sks-devel] Ports used by sks

2009-02-02 Thread David Shaw
On Feb 2, 2009, at 7:30 PM, Christoph Anton Mitterer wrote: Also, isn't the port changeable on a per-peer basis in SKS? If so, there is no point in registering the port at all, as setting up a new peer is a manual operation. Well but this is also the case with the 11371 port, and basically wi

Re: [Sks-devel] Ports used by sks

2009-02-02 Thread David Shaw
On Feb 2, 2009, at 5:44 PM, Christoph Anton Mitterer wrote: On Mon, 2009-02-02 at 15:30 -0500, David Shaw wrote: The policy didn't exist yet when some of the early protocols got their port numbers. Certainly for the past 10 years or so, if you got one, you got the other. At least, t

Re: [Sks-devel] Ports used by sks

2009-02-02 Thread David Shaw
On Mon, Feb 02, 2009 at 01:25:55PM -0700, Joseph Oreste Bruni wrote: > > On Feb 2, 2009, at 1:19 PM, David Shaw wrote: > >> On Mon, Feb 02, 2009 at 11:15:04AM -0700, Joseph Oreste Bruni wrote: >>> Is UDP really used? >> >> No. The way the IETF assigns num

Re: [Sks-devel] Ports used by sks

2009-02-02 Thread David Shaw
On Mon, Feb 02, 2009 at 11:15:04AM -0700, Joseph Oreste Bruni wrote: > Is UDP really used? No. The way the IETF assigns numbers, if you get the TCP number, you get the UDP number with it. David

Re: [Sks-devel] New to "sks" - looking for web front end

2008-11-13 Thread David Shaw
On Mon, Nov 10, 2008 at 03:21:05PM -0800, Jason Fesler wrote: > I'm trying to set up sks for internal use here, as many people don't > want to post their email address to public servers. One thought about this - if you are really only interested in internal use, and not planning on synchronizing

Re: [Sks-devel] serving a robots.txt

2008-08-15 Thread David Shaw
On Aug 15, 2008, at 4:44 AM, [EMAIL PROTECTED] wrote: Hi! E-Mail harvesting on PGP key servers can be done with such commands: http://www.google.com/search?q=site%3Akeyserver.fabbione.net+pks+uid I already receive spam because i decided to upload my public key years ago. I know it's the sourc

Re: [Sks-devel] Fw: Remove entry D146D35E

2007-09-27 Thread David Shaw
On Tue, Sep 25, 2007 at 09:56:34PM +, Øyvind Skårland wrote: > \keyserver admin bounces\ > > > - Forwarded Message > From: Øyvind Skårland <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Sent: Tuesday, September 25, 2007 11:27:49 PM > Subject: Remove entry D146D35E > > > Dear admin,

[Sks-devel] Minor exact searching problem

2006-12-02 Thread David Shaw
There seems to have been a minor change in searching between SKS 1.0.9 and SKS 1.0.10. If someone is doing an "index" operation and the "search" parameter is a key ID (and thus begins with "0x"), and "exact" is set to on, then the search in 1.0.9 will work, but the search in 1.0.10 will not. A 1.

Re: [Sks-devel] key too large?

2006-07-14 Thread David Shaw
On Fri, Jul 14, 2006 at 04:14:43PM +0200, Peter Palfrader wrote: > On Thu, 13 Jul 2006, David Shaw wrote: > > > > gpg (GnuPG) 1.4.4-cvs, looks like a snapshot built around April 5th, > > > probably r4114. > > > > > > I don't see the proble

Re: [Sks-devel] key too large?

2006-07-13 Thread David Shaw
On Fri, Jul 14, 2006 at 01:12:10AM +0200, Peter Palfrader wrote: > On Thu, 13 Jul 2006, David Shaw wrote: > > > On Fri, Jul 14, 2006 at 12:32:39AM +0200, Peter Palfrader wrote: > > > On Fri, 14 Jul 2006, Peter Palfrader wrote: > > > > > > > I won

Re: [Sks-devel] key too large?

2006-07-13 Thread David Shaw
On Fri, Jul 14, 2006 at 12:32:39AM +0200, Peter Palfrader wrote: > On Fri, 14 Jul 2006, Peter Palfrader wrote: > > > I wonder if my key is too large for SKS to like: > > > > [EMAIL PROTECTED]:~$ gpg --send 94c09c7f > > gpg: sending key 94C09C7F to hkp server keyserver.noreply.org > > gpgkeys: HT

Re: [Sks-devel] Interesting key merging bug with searching

2005-11-06 Thread David Shaw
the SKS servers, or do other servers have the same bad key? > > y > > On 11/6/05, David Shaw <[EMAIL PROTECTED]> wrote: > > > > This was originally reported as a GnuPG bug, but it seems that SKS is > > actually making the odd response here. > > > >

[Sks-devel] Interesting key merging bug with searching

2005-11-06 Thread David Shaw
This was originally reported as a GnuPG bug, but it seems that SKS is actually making the odd response here. Basically there are two keys, both with key ID A56E15A3 (a natural collision). One has various user IDs indicating ownership by "Hubert Figuiere". The other one has a user ID for "Pedro R

Re: [Sks-devel] stripping GD sigs (was: Re: clean sigs)

2005-09-09 Thread David Shaw
On Fri, Sep 09, 2005 at 09:30:35AM -0400, Jason Harris wrote: > On Fri, Sep 09, 2005 at 08:31:35AM -0400, David Shaw wrote: > > On Fri, Sep 09, 2005 at 12:22:00AM -0400, Jason Harris wrote: > > [I'll address your other points later.] > > > If you insist on present

Re: [Sks-devel] stripping GD sigs (was: Re: clean sigs)

2005-09-09 Thread David Shaw
On Fri, Sep 09, 2005 at 12:22:00AM -0400, Jason Harris wrote: > > If I ran a keyserver, would it be appropriate for me to drop all > > signatures from your key D39DA0E3 simply because they're available > > somewhere else? > > keyserver.pgp.com doesn't synchronize with other keyservers, by design,

Re: [Sks-devel] stripping GD sigs (was: Re: clean sigs)

2005-09-08 Thread David Shaw
On Thu, Sep 08, 2005 at 11:10:23PM -0400, Jason Harris wrote: > On Thu, Sep 08, 2005 at 10:28:29PM -0400, David Shaw wrote: > > On Thu, Sep 08, 2005 at 10:08:24PM -0400, Jason Harris wrote: > > > > keyserver.kjsl.com is now stripping all GD sigs. The extra variable > >

Re: [Sks-devel] stripping GD sigs (was: Re: clean sigs)

2005-09-08 Thread David Shaw
On Thu, Sep 08, 2005 at 10:08:24PM -0400, Jason Harris wrote: > On Thu, Sep 08, 2005 at 08:00:25PM -0400, David Shaw wrote: > > On Fri, Sep 09, 2005 at 12:33:47AM +0200, Dirk Traulsen wrote: > > > > 3. Because now I was irritated, I did the same again with a diffe

Re: [Sks-devel] Re: zero-length MPIs (was: Re: mpi error with check-trustdb in 1.4.2 - resolved)

2005-09-02 Thread David Shaw
On Wed, Aug 31, 2005 at 04:07:38AM +0200, Peter Palfrader wrote: > On Thu, 11 Aug 2005, Jason Harris wrote: > > > On Thu, Aug 11, 2005 at 09:54:59PM +0200, Peter Palfrader wrote: > > > On Thu, 11 Aug 2005, Jason Harris wrote: > > > > > > Fetching them from keyserver.kjsl.com is now possible with

Re: [Sks-devel] Re: zero-length MPIs (was: Re: mpi error with check-trustdb in 1.4.2 - resolved)

2005-08-31 Thread David Shaw
On Wed, Aug 24, 2005 at 03:07:17PM +0200, Klaus Singvogel wrote: > I noticed that these messages are coming from > mpi/mpicoder.c:mpi_read() and had a closer look at it. :-) > > The second if check, for "goto overflow;" seems a bit doubtful (maybe > a copy&paste without too much thinking what's com

Re: [Sks-devel] Re: SKS v. unknown HTTP headers (was: Re: IPv6 failover?)

2005-08-20 Thread David Shaw
On Sat, Aug 20, 2005 at 12:32:52PM -0400, Yaron Minsky wrote: > > I'm not the best at reading ocaml, but it doesn't seem that your code > > will handle arbitrary %-escaping elsewhere in . The HTTP > > spec allows any character to be escaped. Some clients (like libcurl) > > are a little more agress

Re: [Sks-devel] Re: SKS v. unknown HTTP headers (was: Re: IPv6 failover?)

2005-08-20 Thread David Shaw
On Sat, Aug 20, 2005 at 07:00:30AM -0400, Yaron Minsky wrote: > On 8/19/05, David Shaw <[EMAIL PROTECTED]> wrote: > > > > I just tried it. It does not work. > > > Harumph. So I'm just confused. Here's the code in the current version: > > ma

Re: [Sks-devel] Re: SKS v. unknown HTTP headers (was: Re: IPv6 failover?)

2005-08-19 Thread David Shaw
I just tried it. It does not work. David On Fri, Aug 19, 2005 at 09:22:27PM -0400, Yaron Minsky wrote: > I still haven't heard back. Does the > sks.dnsalias.net keyserver work with > gpg+libcurl? Has anyone tried it? > > y > > On 8/13/05, Yaron Minsky <[EMAIL PROTECTED

Re: [Sks-devel] Re: SKS v. unknown HTTP headers (was: Re: IPv6 failover?)

2005-08-09 Thread David Shaw
On Tue, Aug 09, 2005 at 10:15:25AM -0400, Jason Harris wrote: > On Mon, Aug 08, 2005 at 09:14:53PM -0400, Yaron Minsky wrote: > > > I just committed a version of Jason's patch to my mainline tree. Any other > > patches not there that people think worth of inclusion before I bless > > another rel

[Sks-devel] Re: SKS v. unknown HTTP headers (was: Re: IPv6 failover?)

2005-08-05 Thread David Shaw
On Fri, Aug 05, 2005 at 06:33:25AM -0400, Jason Harris wrote: > On Thu, Aug 04, 2005 at 07:54:09AM -0400, David Shaw wrote: > > On Thu, Aug 04, 2005 at 12:24:27AM -0400, Jason Harris wrote: > > > > Thus, in reality, the "Expect: 100-continue" header appears t

[Sks-devel] Re: SKS v. unknown HTTP headers (was: Re: IPv6 failover?)

2005-08-04 Thread David Shaw
On Thu, Aug 04, 2005 at 12:24:27AM -0400, Jason Harris wrote: > > Also, going back to the original problem, can you send me the output > > when you try fetching a key with "--keyserver-options debug" set? > > OK, with --recv I see it falls back from v6 to v4, which is good, but it > fails with --