Re: The state of peer connectivity

Which reminds me: ‘cause of various operational issues and the time it needed to attend to them lately, the following servers have been stopped and aren’t operational anymore: sks2.cryptokeys. co.za sks1.cryptokeys.org.za sks2.cryptokeys

[Sks-devel] ProxMox/Debian 10.1 gnupg2 notice:

Thought it would be interesting to know this state: apt-listchanges: News - gnupg2 (2.2.12-1+deb10u1) buster; urgency=medium In this version we adopt GnuPG's upstream approach of making keyserver access default to self-sigs-only. This defends against receiving flooded

Re: [Sks-devel] The pool is shrinking

> On 16 Aug 2019, at 23:29 , Stefan Claas wrote: > > Hendrik Visage wrote: > >> SKS network contains *PUBLIC* keys. It’s purpose, is to PUBLICLY make your >> communications, signed/etc. with the associated *private* key, by directed to >> you and associated with

Re: [Sks-devel] The pool is shrinking

> On 16 Aug 2019, at 22:45 , Stefan Claas wrote: > > O.k. I understand your point, but what I like to say is that I or anybody > else can download a dump without running a key server. While running a > key server requires a dump, it would be really nice if dumps are only > available to a (trust

Re: [Sks-devel] The pool is shrinking

> On 16 Aug 2019, at 18:01 , Andrew Gallagher wrote: > > Signed PGP part > On 16/08/2019 16:13, Stefan Claas wrote: >> It should tell users that SKS operators share no dumps with 3rd >> parties for key analysis, i.e. social graph research etc. Those >> who publish a warrant canary can stay in t

[Sks-devel] Exploiting GDPR (Re: The pool is shrinking)

eely distribute this data, without > protecting it, to the whole world? If that is the case then EU citizens > having 'business' with the US can do the same with US citizens data. > > Well, just my thoughts. > > Regards > Stefan > > -- > box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a81

Re: [Sks-devel] The pool is shrinking

of global revenue or €20 million, depending on the severity and circumstances We recommend So far, the EU’s reach has not been tested, can help avoid drawing scrutiny from EU regulatory authorities --- Hendrik Visage signature.asc Description: Message s

Re: [Sks-devel] The pool is shrinking

>> In mid and longer term the penalty fees will be harmonized. Today every >>>>>> country has its own penalty fees and penalty practice. >>>>>> >>>>>> There is no more exceptions anymore such as it is technically impossible >>>

Re: [Sks-devel] The pool is shrinking

witter: @krifisk > > Public OpenPGP keyblock at hkp://pool.sks-keyservers.net > fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 > > Corruptissima re publica plurimæ leges > The greater the degeneration of the republic

Re: [Sks-devel] Key updates not propagating

ossip efficiently with peers, but that > weakly connected keyservers can remain in the pool regardless. > > A > > ___ > Sks-devel mailing list > Sks-devel@nongnu.org > https://lists.nongnu.org/mailman/listinfo/sks-devel ---

Re: [Sks-devel] Blacklisting on UID?

Cheers, > > -- > > Thorsten Bro > - Member of openSUSE Heroes - > > ___ > Sks-devel mailing list > Sks-devel@nongnu.org > https://lists.nongnu.org/mailman/listinfo/sks-devel --- Hendrik Visage HeViS.Co Systems Pty Ltd

[Sks-devel] 32bit UID spam/flood attack ?

https://www.hactrn.net/blog/2018/06/11/32-bit-pgp-keyid-delenda-est/ <https://www.hactrn.net/blog/2018/06/11/32-bit-pgp-keyid-delenda-est/> Anybody else seen/aware of this on the SKS servers? --- Hendrik Visage HeViS.Co Systems Pty Ltd T/A Envisage Systems / Envisage Cloud Solutions +27-

Re: [Sks-devel] heads-up: another attack tool, using SKS as FS

SKS > dumps, very few uids are miscategorized. > > It may be hard to do with 100% accuracy, but it's unsurprisingly easy do well > enough. The words “machine learning” comes to mind… wonder if somebody with Amazon/Google/Azure contacts might be able to reach out and ask f

Re: [Sks-devel] heads-up: another attack tool, using SKS as FS

em.) > > See also "web of trust" and "strong set". > Addresses should/can be checked by humans worldwide who sign/certify the key. I’ve been trying to get mine “signed” by Web-Of-Trust for years now… also not that “easy” ;( --- Hendrik Visage HeViS.Co Systems Pty Ltd T/A Envis

Re: [Sks-devel] Deployment question about non-public server with oneway feed

when it receives keys via the recon/whisper partners (Else every one will sent out emails with each and every sync, ie. >100mails/days…) I think the (wish list) option to have a 1-way sync setting, ie. Any and all keys you receive, you forward in that direction, no matter whether that server

Re: [Sks-devel] keyserver1.computer42.org is dropping peers [but not keyserver2.computer42.org]

.de11370 # Stefan Tomanek 0xAC2C9AAB > # key1.dock23.de 11370 # Ramón Goeden > 0xb7c51fd6 > > > If you're sure that your server is stable and not affected by the malicious > key problem contact me for activating the peering again. > &

[Sks-devel] SKS metrics (wish list)

the SKS server's language O_O ) --- Hendrik Visage HeViS.Co Systems Pty Ltd T/A Envisage Systems / Envisage Cloud Solutions +27-84-612-5345 or +27-21-945-1192 hvis...@envisage.co.za signature.asc Description: Message signed with OpenPGP ___ Sks-

Re: [Sks-devel] One Way replication (for test environments)

eeeds from the public servers, but no egress to the public side. Might be good for others to test there “test certs/keys” against before actual publication?? --- Hendrik Visage signature.asc Description: Message signed with OpenPGP ___ Sks-devel m

[Sks-devel] One Way replication (for test environments)

I’m considering setting up some test environments for the “researchers” to test the SKS keyservers, but I was wondering about one way replication, ie. one server that will only sent out to the test server(s), but not receive from them. What’s the easiest to set that up? --- Hendrik Visage

Re: [Sks-devel] SKS apocalypse mitigation

tly, sent an email, look at an URL with the signed picture… --- Hendrik Visage signature.asc Description: Message signed with OpenPGP ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] TLS 1.3 and HKPS pool

he pool, but lets do this manually if so. I’ve not seen and TLS1.2 security issues yet (but then I might’ve missed it in the deluge of meltdown/spectre/memcached) so I don’t see the need/reason to disable TLS1.2 --- Hendrik Visage HeViS.Co Systems Pty Ltd T/A Envisage Systems / Envisage Cloud

Re: [Sks-devel] Operational question for all

om those names in the membership file, gets ignored. That might be a version 2 feature request: have peers authenticated not based on IP, but pub/private keys --- Hendrik Visage HeViS.Co Systems Pty Ltd T/A Envisage Systems / Envisage Cloud Solutions +27-84-612-5345 or +27-21-945-1192 hvis...@en

Re: [Sks-devel] seeking peers for pgp.securitytext.org

> On 13 Mar 2018, at 07:54 , Alain Wolf wrote: > > Hello PGP Key Server Administrator > > I don't think this setup will make it into the pool: > > * pgp.securitytext.org points to a Cloudflare IP, which does not answer > to OpenPGP clients on TCP port 11371. Yeah, that definitely won’t wor

[Sks-devel] sks?.inx.net.za peers please

Good day, Looking for peers for the following servers in South Africa: sks1.inx.net.za 11370 # JNB: Hendrik Visage 0x9c1384b1168fd423 / Nishal Goburdhan 0x97db45a1fcd1545f sks2.inx.net.za 11370 # CTN: Hendrik Visage 0x9c1384b1168fd423 / Nishal Goburdhan 0x97db45a1fcd1545f sks3.inx.net.za

Re: [Sks-devel] pool for Africa?

> On 06 Feb. 2018, at 18:53 , Andrew Gallagher wrote: > > On 06/02/18 16:45, Hendrik Visage wrote: >> Good day, >> >> As I’m busy setting up and deploying SKS servers at INX)ZA sites (three >> at present) and some of the other African peering points, the qu

[Sks-devel] pool for Africa?

Good day, As I’m busy setting up and deploying SKS servers at INX)ZA sites (three at present) and some of the other African peering points, the question arose: how many servers would be needed to make a sensible pool for Africa? --- Hendrik Visage HeViS.Co Systems Pty Ltd T/A Envisage Systems

[Sks-devel] dump-only server (gossip but not public pool availability)

then be a server I could easily take offline and dump keys every so often, not impacting the pool availability etc. Which settings should I use to achieve the above, as it seems the moment I start the server, it starts to broadcast it’s availability to be included in the pool? --- Hendrik Visage

Re: [Sks-devel] Descriptive error meesages

(pseudo code) of what happened look like this in the current codebase: socket=connect(remote_addr,port) if socket <= then print systemError() else send_data(socket) fi Instead what I would liked to see: print “Attempted to connect to {remote_addr) on {port} and received the following error: “ s

[Sks-devel] Descriptive error meesages

OCAML reference & tutorial guides? (2) Where should I start looking for these errors messages to help enhance them? --- Hendrik Visage HeViS.Co Systems Pty Ltd T/A Envisage Systems / Envisage Cloud Solutions +27-84-612-5345 or +27-21-945-1192 hvis...@envisage.co.za signature.asc Description:

[Sks-devel] SKS peering?

sks2.cryptokeys.org.za - France IPv4 & IPv6 Once these are up & running I’ll lobby for a 2nd server in South Africa --- Hendrik Visage HeViS.Co Systems Pty Ltd T/A Envisage Systems / Envisage Cloud Solutions +27-84-612-5345 or +27-21-945-1192 hvis...@envisage.co.za signature.asc Description: Me

[Sks-devel] SKS behind NAT firewall

firewall to the SKS server? Reason I’m asking: I’m not quite clear in understanding the recon settings, and I’d rather ask experience before I chase down the wrong alley. --- Hendrik Visage HeViS.Co Systems Pty Ltd T/A Envisage Systems / Envisage Cloud Solutions +27-84-612-5345 or +27-21-945-1192

Re: [Sks-devel] Debian asks package and default paths

Thanks for the explanation Daniel > On 23 Jan. 2018, at 18:18 , Daniel Kahn Gillmor > wrote: > > On Tue 2018-01-23 10:51:54 +0100, Alain Wolf wrote: >> I would try to change desired filepaths in >> debian/patches/0001-use-debian-fhs.patch > > Hi there-- > > I'm one of the current maintainers

Re: [Sks-devel] Debian asks package and default paths

> On 23 Jan. 2018, at 11:51 , Alain Wolf wrote: >> >> strings does show that /var/log/sks/db.log is in the Debian packaged >> /usr/sbin/sks file. >> > > I would try to change desired filepaths in > debian/patches/0001-use-debian-fhs.patch Okay, that implies recompiling/packaging ;) Thanks!

[Sks-devel] Debian asks package and default paths

still get this: Fatal error: exception Sys_error("/sks2/sks/db//var/log/sks/db.log: No such file or directory”) strings does show that /var/log/sks/db.log is in the Debian packaged /usr/sbin/sks file. --- Hendrik Visage HeViS.Co Systems Pty Ltd T/A Envisage Systems / Envisage Cloud Solu