Re: ... GDPR takedown request

On Wed, 15 Jun 2022, Tobias Mueller wrote: > > And moreover how will I do? > You can parse the file with, e.g., sequoia. Thanks. Unfortunately the keydump is kept on an old Debian machine. I'm not sure I can install sequoia there. I have to search alternate solutions too. > But you surely knew t

Re: ... GDPR takedown request

On Tue, 14 Jun 2022, Jeremy T. Bouse wrote: > Am I understanding correctly and you're saying that even with the server > down he sent the GDPR notice to you? The last keydump is available yet. However I can't imagine how did he find the 16 keys in the 12 GiB compressed binary mess-up. And moreove

Re: ... GDPR takedown request

> > IMHO Mr. Puerto must show some evidence first about the key to delete > > belongs to him. Otherwise any impostor can make delete other guys' > > key. > > I thought the same thing and asked him (privately) to resend his request > in a PGP-signed email, which he did, so this is legit. Gee. I'm

Re: keyserver.insect.com GDRP takedown request

> We have received the same take down request from Mr. Puerto as several other > keyservers under GDRP. IMHO Mr. Puerto must show some evidence first about the key to delete belongs to him. Otherwise any impostor can make delete other guys' key. Gabor

Re: shutdown of pgpkeys.co.uk and pgpkeys.uk

On Tue, 22 Jun 2021, Todd Fleisher wrote: > This service is deprecated. This means it is no longer maintained, and new > HKPS certificates will not be issued. Service reliability should not be > expected. > > Update 2021-06-21: Due to even more GDPR takedown requests, the DNS records > for the

Re: Livelihood statistics of the SKS keyserver network

On Thu, 13 May 2021, Gunnar Wolf wrote: Dear Gunnar, > > Okay, but it would be useful if you could standardize the graphs somehow. > > I.e. try to PLOT successful_connections per time_interval. > > I don't know if I understood this correctly. As I said, I changed the > polling frequency after a

Key diff anomaly

I've just noticed that key diff of ALL current 26 pool members is negative. Meanwhile keyserver.snt.utwente.nl is dropped from the pool however it seems to be absolute healthy. Except its key diff: 73432. I guess this this node got an attack-like burst of keys from outside. (And this 73k extra key

An evil idea :-)

One can decide to setup a proxy server without any own backend but redirecting queries to some of the existing servers. No one would recognize the cheating. :-) Gabor -- "Virgil Brigman back on the air" (Abyss)

Hard core

Dear folks, I analyzed data collected on https://sks-keyservers.net/status/. Only the following 36 servers worked at all in the past 6 days: agora.cenditel.gob.ve keyserver.hyperboria.net.pl zuul.rediris.es pgpkeys.eu pgp.benny-baumann.de keys2.andreas-puls.de pgp.cyberbits.eu keyserver.taygeta.c

Re: seeking peers for hyperboria.net.pl

On Thu, 15 Oct 2020, Todd Fleisher wrote: > Do you mean largest files or largest keys within files? Either way, could you I cannot analyse the dumps. (I started to wrote a parser but I could not finish it.) So I simply check file sizes. Script computes the average of lengths and standard deviatio

Re: seeking peers for hyperboria.net.pl

On Thu, 15 Oct 2020, Adam Wojcieszonek wrote: > Now when trying to normal rebuild then: > > DB time: 0.38 min. Total time: 0.84 min. > Loading keys...Fatal error: exception Stack overflow > Command failed unexpectedly. Bailing out > > ...and when fast rebuild : > > === Running fastbuild... ==

Re: Status page for non existent servers

On Sun, 2 Aug 2020, Philihp Busby wrote: > If you're familiar with PHP, you can read the source here > https://git.sumptuouscapital.com/?p=sks-keyservers-pool.git;a=blob;f=sks-keyservers.net/status-srv/sks.inc.php Oh, I see. Class sks_servercollection has method add_server() but I'm afraid of no

Status page for non existent servers

Dear Kristian, How does sks-keyservers.net work? More precisely how could a server get off the list? E.g. fks.pgpkeys.eu is unreachable since 14 months, no other servers refer it but it does not disappear from the list. keys01.fedoraproject.org and keys02.fedoraproject.org are also unreferenced

Re: Desperately Seeking Kristian - SKS HKPS certificate renewals

On Fri, 12 Jun 2020, Todd Fleisher wrote: > Thanks for the suggestion, Gabor. He doesn?t appear to have been active there > since last summer, but it can?t hurt to try. Ooops... I thougth these are fresh posts. I missed the year. :-( Sorry for the line noise. Gabor

Archaic membership entries

Dear folks, Page https://sks-keyservers.net/status/ lists tons of key servers "currently not in the pool". This is quite illusory. Actually most of them are dead since years. They just listed here because some of us refer them in the membership file. E.g. gpg.planetcyborg.de was lastly functional

Analyzing dumps (Was: 6 million)

On Sat, 2 May 2020, Wiktor Kwapisiewicz wrote: > On 02.05.2020 07:55, Gabor Kiss wrote: > > I would create such a programs from the scratch but I cannot > > find even the format description of the dump file. :-( > > Last time I checked dumps where just packet piles so any OpenPGP tool > could rea

Re: 6 million

On Sat, 2 May 2020, Wiktor Kwapisiewicz wrote: > Last time I checked dumps where just packet piles so any OpenPGP tool > could read it. Oh! RFC-4880. Thanks! :-) Gabor

https://sks-keyservers.net/status/ is behind time

Dear Kristian, Status page is not up to date. E.g. the current status 2020-04-04 05:35 (UTC) appeared some 90 minutes later. Regards Gabor

keys.niif.hu is down. help needed

Dear folks, A few days ago keys.niif.hu was rebooted and the SKS could not start any more. I tried to get a fresh dump and to rebuild the database several times but it was a failure. The indexing program always crashed when processing the 6th file. I guess there is a poisoned key inside. Maybe if

Re: [Sks-devel] No peers/status?

> > SKS on port 11371 will not have SSL, so the URL should be > > http://sks.e-utp.net:11371/pks/lookup?op=stats ? https on port 443 for that > > URL does return data: https://sks.e-utp.net/pks/lookup?op=stats > > > > Uhm... HTTP version just redirect

Re: [Sks-devel] No peers/status?

> SKS on port 11371 will not have SSL, so the URL should be > http://sks.e-utp.net:11371/pks/lookup?op=stats ? https on port 443 for that > URL does return data: https://sks.e-utp.net/pks/lookup?op=stats > Uhm... HTTP version just redirects me to HTTP

[Sks-devel] No peers/status?

Dear Martin, According to https://sks-keyservers.net/status/ks-status.php?server=sks.e-utp.net sks.e-utp.net has no peers. meanwhile at least 4 other servers think peering is established with your one. It may not independent from the fact that page https://sks.e-utp.net:11371/pks/lookup?op=stats

Re: [Sks-devel] searching for new peers

> keyserver.escomposlinux.org 113710 # > 0x9494EB8D619AFE032AD1C2DCBE84550A2578867D PGP Key Server Administrator > > > And I kindly request other servers in the pool to add our server as a > peer. You are welcome. My entry is # Gabor Kiss 0x3B4A0EFBBD368329 keys.niif.hu 11370 Regards Gab

[Sks-devel] Status page problem

Dear Kristian, This screenshot was created this morning. (Cca. 04:00 UTC) http://bakacsin.ki.iif.hu/~kissg/tmp/sks-pool_screenshot.png Regards Gabor ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] The pool is shrinking

> So to answer your questions: Ryan, have you ever seen this funny picture? :) http://en.wikipedia.org/wiki/File:DoNotFeedTroll.svg Gabor ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] The pool is shrinking

> > At this moment there is only 27 members of pool.sks-keyservers.net. > > JFR: The new negative record is 25... 21. Gabor ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] The pool is shrinking

On Fri, 21 Jun 2019, Kiss Gabor (Bitman) wrote: > At this moment there is only 27 members of pool.sks-keyservers.net. JFR: The new negative record is 25... Gabor ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mail

Re: [Sks-devel] extending status pages

> See Membership fileSee reference membership file Oh! I never knew where this list come from. I begin to understand... :) Thanks Gabor ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel

[Sks-devel] extending status pages

Dear Kristian, I have a suggestion about status pages. Would you mind to provide information about what other hosts consider a given server as a peer? I mean it could be a third HTML table on bottom of page https://sks-keyservers.net/status/ks-status.php?server=SOME.HOSTNAME.HERE titled as "Refer

[Sks-devel] Extreme memory usage

Dear folks, I experienced in the past months that my SKS instance dies almost every day. Now I think I found the reason. Program crashes when e-mail address to be search is broken into mostly 1-3 letter words. These very short words - that are legitim search patters - make sks db process eat the

[Sks-devel] Website down

Dear Kristian, I wonder if you know that https://sks-keyservers.net/ is unreachable? Regards Gabor ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel

[Sks-devel] The pool is shrinking

Dear Kristian, At this moment there is only 27 members of pool.sks-keyservers.net. And no more than 3 HKPS server are enlisted. It is a real possibility that this number drops below 1. Don't you want to revise your strict policy about issuing certificates? Regards Gabor ___

[Sks-devel] Ten thousands new keys

In the last 3 days some 3 new keys were uploaded. The rate is 10 times higher than the average. Regards Gabor ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] IPv6 status

> > https://sks-keyservers.net/status/ks-status.php?server=keys.niif.hu > > my server has not IPv6 connectivity. However I'm pretty sure it has. :-) > > Could you check this problem? > > Sure its not blocked by firewall or something? > curl "http://[2001:738:0:600:216:3eff:fe02:42]:11371/pks/looku

[Sks-devel] IPv6 status

Dear Kristian, According to https://sks-keyservers.net/status/ks-status.php?server=keys.niif.hu my server has not IPv6 connectivity. However I'm pretty sure it has. :-) Could you check this problem? Regards Gabor ___ Sks-devel mailing list Sks-devel@n

Re: [Sks-devel] [openpgp] Modelling an abuse-resistant OpenPGP keyserver

> Put keys in the blockchain? There's got to be something it's useful for apart > from fuelling pump-and-dumps. AFAIK blockchain per se is not abuse resistant. Anyway storage medium does not matter in the first round. Gabor ___ Sks-devel mailing list

Re: [Sks-devel] Fulfilled disk

> Do you have the needed DB_CONFIG files in your DB & PTree directories? This > used to happen to me before I put those in place an rebuilt my databases. OMG! :-( You are right. Thank you. Gabor ___ Sks-devel mailing list Sks-devel@nongnu.org https:/

[Sks-devel] Fulfilled disk

Dear folks, Yesterday someone started to fill /var/lib/sks/DB with 1 MiB log files until the 40 GiB partition got full: -rw--- 1 debian-sks debian-sks 10485759 Mar 28 07:15 log.002374 -rw--- 1 debian-sks debian-sks 10485759 Mar 28 07:15 log.002375 -rw--- 1 debian-sks debian-sk

Re: [Sks-devel] keys.niif.hu is back on the air (Was: Cannot rebuild keys.niif.hu)

> How much RAM are you (or others) finding is sufficient? Database indexing (/usr/lib/sks/sks_build.sh and its children) consumed cca. 2.5-2.8 GiB memory. Meanwhile the whole VM had 2.0 GiB RAM only. Yesterday my colleagues increased memory size up to 6000 kiB or so. Now machine can breathe. :-)

[Sks-devel] keys.niif.hu is back on the air (Was: Cannot rebuild keys.niif.hu)

Two weeks ago I wrote: > Since three weeks keys.niif.hu is out of order. > I tried to setup it from scratch. Twice. > Keydump is downloaded, database is rebuilt. > Program starts but status page shows 0 keys. > What did I miss? The main problem was lack of enough RAM. Now the VM is reconfigured.

[Sks-devel] Cannot rebuild keys.niif.hu

Dear folks, Since three weeks keys.niif.hu is out of order. I tried to setup it from scratch. Twice. Keydump is downloaded, database is rebuilt. Program starts but status page shows 0 keys. What did I miss? Any hints would be appreciated. Regards Gabor _

[Sks-devel] Quick and dirty test

Hi folks, It is funny but one of my peer partners did not notice that his server is dead since a few months. :-) So I just show anyone who is interested in it how a simple but effective cron job warns me if my server is not OK: 42 5-8,15-20 * * * test "$(curl -s https://sks-keyservers.net/sta

Re: [Sks-devel] keyserver.brian.minton.name offline for a few days

> > So it looks like the dump from keys.niif.hu got corrupted as well... > > Ooops! > Thanks for the heads-up. > > I'll check it. Actually I generated a new dump. Gabor -- A mug of beer, please. Shaken, not stirred. ___ Sks-devel mailing list Sks-de

[Sks-devel] No status page

Dear Kristian, Page https://sks-keyservers.net/status/ contains no key servers. Regards Gabor -- "Wenn ist das Nunstück git und Slotermeyer? Ja! ... Beiherhund das Oder die Flipperwaldt gersput." ___ Sks-devel mailing list Sks-devel@nongnu.org https:

Re: [Sks-devel] Clustering (Was: New Keyservers and Dumps)

> > Does an SKS cluster need multiple storage space, > > or nodes can share the database? > > the DB/storage needs to be separate, but it doesn't require multiple VMs Unfortunately it is the disk space what is the bottleneck at me. However I consult my colleagues. Thanks. Gabor ___

Re: [Sks-devel] heads-up: another attack tool, using SKS as FS

On Fri, 13 Jul 2018, Ryan Hunt wrote: > Sooner or later you guys need > start looking forward, if mistakes were made in the past ignoring them is not > going to solve anything. > Ignore the users, your the sysops.. Either SKS will die, or the entire thing > is going to have to be scrapped and red

[Sks-devel] Pool management is broken

Page https://sks-keyservers.net/status/ is (almost) empty. Gabor ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel

[Sks-devel] Eventloop.SigAlarm

I can see such error messages in db.log: 2018-06-26 21:56:18 Del'ng hash EF2602E9CC075BFEE833DFB9004582F3 2018-06-26 21:56:18 Del'ng hash F25AE814C4A6B721013179B9F4D36D87 2018-06-26 21:58:41 add_keys_merge failed: Eventloop.SigAlarm 2018-06-26 21:58:52 Key addition failed: Eventloop.SigAlarm 2018-

Re: [Sks-devel] pool status page, not recognizing hkps

On Tue, 5 Jun 2018, Phil Pennock wrote: > https://bitbucket.org/skskeyserver/sks-keyserver/wiki/TLS%20Configuration > > I've updated it to be clearer about the need for manual action to join > the pool and to link to the instructions for doing so. | In practice, there's one well-run HKPS pool, w

[Sks-devel] disk full, keys.niif.hu crashed

Yesterday at 18:15 (CEST) keys.niif.hu started to produce tons of logs in /var/lib/sks/DB. In less than 2 hours the 40 GB filesystem got fulfilled. Deleting files and restarting processes did not help: recon.log: 2018-06-15 05:50:09 Opening log 2018-06-15 05:50:09 sks_recon, SKS version 1.1.6 2018

Re: [Sks-devel] CSR

On Tue, 22 May 2018, Kiss Gabor (Bitman) wrote: > Dear Kristian, > > Certificate of keys.niif.hu expires within a month. > Please find enclosed a new CSR. Reminder: 9 days left till expiry... Regards Gabor ___ Sks-devel mailing li

Re: [Sks-devel] SKS apocalypse mitigation

> > Requests may be "iterative" or "recursive" (words are stolen from DNS). > > Users send recursive request: "I don't care how many peers > > you ask, but tell me the key with all signatures." > > The DNS has a hierarchical structure that allows the authoritative source for > data to be found wi

Re: [Sks-devel] Implications of GDPR

> What about only accepting valid keys and removing all revoked or expired keys > from the database? If someone wants to have his data deleted he can revoke > his key and the revoked signature is synced over all keyservers which then > delete them from their own db - new revoked keys are simply

Re: [Sks-devel] Out of the pool

> If enough people are sending the signal to regenerate stats every hour, > then the distribution of total key counts would cluster around a higher > value, so that people who rely solely upon daily key generation might > drop more than two stddevs below the mean (of numbers after outlier > exclusi

[Sks-devel] "funny sks :-)" eh?

Dear Kristian, Is it you who are pushing the envelope? :-) Do you want to know the limits of key servers? Or someone else buggered you around? In this case we can see another example of how easy to deprave this infrastructure. http://keys.niif.hu/pks/lookup?op=vindex&search=0x0B7F8B60E3EDFAE3 (s

[Sks-devel] "Error handling request. Exception raised."

Dear developers, The recently installed SKS 1.1.6 produces a quite evasive error message if I make search with too many hits (e.g. for word "com"): Error handling request Error handling request. Exception raised. Maybe the message could be a more informative a bit... :-) Cheers

[Sks-devel] Missing peers on status page

Dear Kristian, I've noticed that page https://sks-keyservers.net/status/ks-status.php?server=keyserver.searchy.nl does not list any peers. However according to http://keyserver.searchy.nl:11371/pks/lookup?op=stats server has 13+2 gossip partners. I wonder if the two pure IP addresses make your su

[Sks-devel] keys.niif.hu is out of order

Folks, Due to some disk space problems I have to stop SKS on keys.niif.hu for a few days. Gabor ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel

[Sks-devel] Certificates

Dear Kristian, When comes the next service window when you issue certificates for hkps.pool.sks-keyservers.net? Regards Gabor ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel

[Sks-devel] pks.aaiedu.hr ?

Dear Dinko, Your key server seems to be out of order since this January. What is the matter? Should I stop peering? Regards Gabor ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel

[Sks-devel] No IPv6

Dear Kristian, Column 'IPv6' is fully red on page https://sks-keyservers.net/status/ It seems your monitoring host lost its IPv6 connectivity. Gabor ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel

[Sks-devel] pks.aaiedu.hr disappeared

Dear Dinko, Your server seems to be missing sincs 21st of January. May I delete it from my membership file? Regards Gabor -- The Meaning of Life of Brian ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-de

Re: [Sks-devel] nokeyserver annotation

> Some quick thoughts: > > - interesting idea, > - to do this keyservers will have to actually do cryptography This is the only problem I think. But it is not too serious. A server has to verify a signature once in a key's lifetime. > - how does one propagates a "nokeyserver" annotation on a key

[Sks-devel] Duplicated entries on status page

Page https://sks-keyservers.net/status/ks-status.php?server=keyserver.kjsl.com show some peers twice: ice.novusordo.net keys.fedoraproject.org keyserver.oeg.com.au keyserver.sincer.us Is this intentional? Gabor ___ Sks-devel mailing list Sks-devel@non

[Sks-devel] sks-keyservers.net is down?

It seems to be unreachable. Gabor ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Depeering Notice

> > Or don't you want to peer with servers having too few keys? > > Having too few keys leads to practical problems .. it directly leads to > excessive resource usage during recon. Having a large delta and not > catching up is a very good reason to de-peer. This year my server was dropped from th

[Sks-devel] www.keysigning.org?

Who knows what happened to www.keysigning.org? It is unreachable. Gabor ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] spodhuis keyserver: status update

> > According to > > https://sks-keyservers.net/status/ks-status.php?server=sks.spodhuis.org > > you did not delete keys.niif.hu, however we are not peering since 2011. > > Oh? What happened to trigger the removal on your side? Dear Phil, I really don't know. The reason was not recorded but jus

[Sks-devel] No IPv6 servers in the pool

And $ host ipv6.pool.sks-keyservers.net Host ipv6.pool.sks-keyservers.net not found: 3(NXDOMAIN) $ Gabor ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel

[Sks-devel] hkps certificates

Dear folks, Let's start thinking about how to issue HKPS certificates in the future. I'm afraid Kristian is too busy to do this. First: I don't know exactly if sks-keyservers.net CA certificate is hardwired into HKPS clients or not? Is it possible to change it? Is is possible add more root certif

[Sks-devel] Where is Kristian?

He seems to be disappeared. No mail since 27th of April. What happened to? Gabor -- "Spider-Pig, Spider-Pig Does whatever a Spider-Pig does. Can he swing from a web? No, he can't, he's a pig. Look out! He is a Spider-Pig." ___ Sks-devel mailing list Sk

[Sks-devel] Oh, Jeeez...!

Guys, Have you remembered I'm continuosly worrying about trolls pumping 10-20 millions of dummy keys into key servers? It is started... http://keys.niif.hu/pks/lookup?op=vindex&search=0x0B7F8B60E3EDFAE3 (Scroll over the whole page.) So we must hard think how to delete keys/signatures. Gabor __

Re: [Sks-devel] keys.gnupg.net anomaly

> This is only required for port 11371 and is explicitly covered in > https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Peering > > } HTTP Performance > } [...] > } Beware that for port 11371 traffic, you *must* be able to handle > } requests with _any_ `Host:` header, for the various pools

[Sks-devel] keys.gnupg.net anomaly

I found requests for https://keys.gnupg.net/ in my Apache logs on keys.niif.hu. Of course they were unsuccessful because my HTTP daemon is not set up to provide this virtual site. In the DNS we can see this: keys.gnupg.net CNAME pool.sks-keyservers.net Phil Pennock writes on http://sks

[Sks-devel] I provide keydump again

Dear folks, I can offer weekly keydump again at http://keys.niif.hu/keydump/. It will be generated every Monday. Regards Gabor -- The Meaning of Life of Brian ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/s

[Sks-devel] Empty dump

Dear Carles, Have you noticed, that https://pgp.key-server.io/sks-dump/ provides no data to download? Regards Gabor ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel

[Sks-devel] No IPv6?

Dear Kristian, I just inform you that all but one servers lost its IPv6 connectivity since this morning. At least according to page https://sks-keyservers.net/status/. Regards Gabor ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.

Re: [Sks-devel] Checking dump

Dear Andrew et al, > I'm starting to think your dumps may be bad. I've counted the 'packet:' lines > and the total lines and my figures come to 14 million and 89 million > respectively. You must be right. I've just compiled the pgpdump program written by Kazu Yamamoto. http://www.mew.org/~kazu/pr

[Sks-devel] Checking dump

Dear folks, First of all I wish all of you happy new year. "And now for something completely different." :-) For a while I suspect that my weekly keydump[1] is incomplete due to lack of enough disk space. How could I easily check completeness of dumped database? E.g. is there a oneliner that coun

Re: [Sks-devel] Well connected?

> Peering protocol should be manual as there is a level of trust (not > necessarily a very high bar, but one there still) required between the > operators. What kind of trust you mean? Guess how many goodlooking keyserver is operated by government agencies. :-) Gabor

[Sks-devel] IPv6 monitoring problem

Dear Kristian, On page https://sks-keyservers.net/status/ almost all cell is red in IPv6 column. I guess there is some network problem at you. Regards Gabor -- A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What i

Re: [Sks-devel] Dropped from the pool

> >> I wonder how your filtering algorithm works? Did you set an > >> absolute or relative threshold of missing keys? Is it possible to > >> tune it a bit? > > 300 is the min treshold as set currently. It does a two-pass > calculation to determine std deviation, the treshold is Max(300, > 0.5\sigm

Re: [Sks-devel] Dropped from the pool

> The gossip interval by default is 60min, which means you only > get one gossip between health checks in the pool. I've set my > "gossip_interval: 1" so that it gossips every minute, which > seems to keep my system up to date much better. Dear Daniel, IMHO this is not scalable. What gossip inter

[Sks-devel] Dropped from the pool

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dear Kristian, I can see, that several servers are dropped from the pool with reason "missing keys". (Including mine. :) At this moment I can see three servers with key diff -344. Comparing this number to the total number of keys (4013325) we get tha

Re: [Sks-devel] HKPS certificate

> > [alt_names] DNS.1 = hkps.pool.sks-keyservers.net DNS.2 = > > *.pool.sks-keyservers.net DNS.3 = pool.sks-keyservers.net DNS.4 = > > keys.niif.hu > > This part is unnecessary, the SANs are added by me the input is > discarded when generating the certificate. So you can simplify this to Anyway t

Re: [Sks-devel] sks hiddden service

> The risk is that if the user is accessing the normal site over http is > that the data may be manipulated by for example the exit node. > The user doesn't have this problem if all data stays inside of the tor > network. I see. TOR is used as replacement of TLS. :- Gabor -- "Mz mn fszm mhrm

Re: [Sks-devel] sks hiddden service

Dear Christiaan, > Hidden services are quite secure in the tor network. If the user wants > to use it they can. > This one is not for the protection of the server, just for if the user > wants to use it. Secure? Eeerrr... what is the risk of using a public service in TOR user's point of view? (Co

Re: [Sks-devel] memory leak

> > > > Once you do it the log will have the peer you are connected to when > > > > the Out of memory happens. > > > > > > It is cccmz.de. All "Out of memory" messages are in this context: > > > > > Christian! > > > I cease peering for a few days to see if extreme memory consumption > > > was real

Re: [Sks-devel] memory leak

On Thu, 19 Mar 2015, Kiss Gabor (Bitman) wrote: > > > Once you do it the log will have the peer you are connected to when > > > the Out of memory happens. > > > > It is cccmz.de. All "Out of memory" messages are in this context: > > > Christ

Re: [Sks-devel] memory leak

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 18 Mar 2015, Kiss Gabor (Bitman) wrote: > > Once you do it the log will have the peer you are connected to when > > the Out of memory happens. > > It is cccmz.de. All "Out of memory" messages are in this cont

Re: [Sks-devel] memory leak

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > Once you do it the log will have the peer you are connected to when > the Out of memory happens. It is cccmz.de. All "Out of memory" messages are in this context: 2015-03-18 06:15:51 Recon partner: 2015-03-18 06:15:51 Initiating reconciliation 201

Re: [Sks-devel] memory leak

> > I can see " error in callback.: Out of memory" > > messages and a certain amount of "Reconciliation attempt from xxx > > while gossip disabled. Ignoring." > > > > I don't know if the later may cause the memory consumption. > > Now I disable them at IP level. > > Then let's see what happens... >

Re: [Sks-devel] memory leak

> Peer misbehaviour can be other things than excessive input. A better > place to look for hints is recon.log. Remember to raise recon > debuglevel. I can see " error in callback.: Out of memory" messages and a certain amount of "Reconciliation attempt from xxx while gossip disabled. Ignoring." I

Re: [Sks-devel] memory leak

> > > for my server, i have > > > > > > # max cache DB > > > cache: 80 > > > > I have no such settings. > > sksconf is unchanged since Dec 17 2013. > > > > Now I add this entry. Then I listen and wait. :-) > > At first sight memory footprint of sks recon is drastically reduced. ... but after

Re: [Sks-devel] memory leak

> > for my server, i have > > > > # max cache DB > > cache: 80 > > I have no such settings. > sksconf is unchanged since Dec 17 2013. > > Now I add this entry. Then I listen and wait. :-) At first sight memory footprint of sks recon is drastically reduced. Thanks again. Gabor -- "Wenn ist d

[Sks-devel] memory leak

Dear folks, Last Friday I reorganized disk partitions used by SKS. At first sight it was all right but now I found, that recon process consumes the whole memory: kissg@hufu:~$ ps uww 7576 ; date USER PID %CPU %MEMVSZ RSS TTY STAT START TIME COMMAND 112 7576 0.1 68.8 2254

[Sks-devel] No metadata please :-)

It would be useful if "sks dump ..." could be asked not to create metadata-keydump-sks.txt file. I run a shell script that runs bzip2 parallel to dump and it compresses *.gpg files on the fly not waiting dump process to exit. This is to conserve disk space. Unfortunately SKS 1.1.5 complains about

[Sks-devel] keys.niif.hu is going down right now

I have to reorganize the disk space due to continously growing database dump. Service is out of order this afternoon. Regards Gabor ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] sks-keyservers.net moved

> IPv6 should now be restored (but might need some time for DNS to > propagate). Let me know if the issue persists :) Seems to be OK. :) Thx. Gabor ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] New key server, request for peering

> Moreover I did not know that Honeypuck does not search in Sorry. I mean Hockeypuck. Gabor ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel

  1   2   >