I have a few thoughts, if I may.
If I understand the gist of this discussion you're trying to clean up
bad entries and add a support to delete such entries on a regular basis.
I think this is a dangerous idea, maybe not completely bad, but IMHO it
requires very careful thought. The reason is that
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
AFAIK you need two. I'm sorry, I missed the point, you have a
special case (as far as apache is concerned), one virtual host, but
two certificates need to be presented on demand. So, AFAIK/IMHO you
need to have two virtual hosts just for the s
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
This link might help.
https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
However this relies on an extension to TLS calles SNI (server name
indication), which sadly isn't implemented in all clients, some less
popular or older browsers for exa
23.94.in-addr.arpa domain name pointer
business-ip-94-23-11-46.static.lu.
Martin
On 05/05/2014 01:50 AM, Martin Papik wrote:
>
> I'm somewhat new myself, but here goes.
>
> To me it looks like one or more of your peers doesn't have you
> configured. To find out wh
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
I'm somewhat new myself, but here goes.
To me it looks like one or more of your peers doesn't have you
configured. To find out which one you have a few choices.
1) look at the logs to see which peers you do receive keys from, the
ones you don't ar
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
I'm somewhat new myself, but here goes.
To me it looks like one or more of your peers doesn't have you
configured. To find out which one you have a few choices.
1) look at the logs to see which peers you do receive keys from, the
ones you don't ar
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 04/18/2014 11:42 PM, Simon Lange wrote:
> https://twitter.com/krifisk/status/456717051340791808 "With a HTTP
> Host header not belonging to the specific hostname? Note the -H
> 'Host.' , 11371 should allow ALL traffic through"
Sounds more lik
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 04/18/2014 10:37 PM, Simon Lange wrote:
> Ive been told that it is required to allow ALL incoming traffic to
> the IP of my keyserver for port 11371 no matter what hostname is
> requested. that would - of course - allow everyone on this planet
> t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 04/18/2014 09:24 PM, Simon Lange wrote:
> yesterday i learned i have to give up control who is using his
> domain with my services. :/
Please explain, I'm not aware of such a requirement and if there is
such I would like to know about it so I can
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
I don't know who maintains the monitor, but this email chain prompted
me to have a quick look at the differences between the responses
between a reverse proxy and SKS and I found a few differences and how
to detect a reverse proxy. I've come up with
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Dear Kristian
Thank you for your response.
>> Second, with 1.1.3, are ECC signatures lost? Meaning if someone
>> queries my server running 1.1.3 for a key containing an ECC
>> signature, will only the one signature be missing or will there
>> be
this, am I degrading the network by
being included in the pool with a 1.1.3 server? If so, what next?
Martin
On 04/07/2014 02:31 AM, Phil Pennock wrote:
> On 2014-04-06 at 13:49 +0300, Martin Papik wrote:
>> And my impression is that 1.1.3 is okay, a number of the servers
>> visib
vide other current .deb files on request.
>
>
> Best regards, Tobias Frei
>
>
> Am 06.04.2014 12:49, schrieb Martin Papik:
>>
>> I am using the latest stable LTS, unfortunately, ubuntu LTS
>> matures slowly and I've been bitten with premature
>>
ttp://freiwuppertal.de/sks_1.1.4-2.1ubuntu1_amd64.deb
>
>
>
> Best regards, Tobias Frei
>
>
> Am 05.04.2014 16:17, schrieb Martin Papik:
>>
>> Thank you, I've upgraded to 1.1.3, although why Ubuntu didn't
>> install that one without an explicit
tups having reverse HTTP proxies in front as a best practice.'
Perhaps it's a time to ditch the 1.1.1 and try to compile 1.1.4 instead ?
Also, I have noticed, that you did not enable the built-in www server:
'Page not found: /var/lib/sks/www/index.html'
Regards,
H.Storm [TheBluPr
Apache Server at keyserver.kolosowscy.pl Port 80
On 04/05/2014 04:21 AM, Jerzy Ko?osowski wrote:
Hi,
I added your server. My line to add:
keyserver.kolosowscy.pl 11370 # Jerzy Kolosowski
Rgds,
Jerzy Ko?osowski
Dnia s'roda, 2 kwietnia 2014 05:50:52 Martin Papik pisze:
Hi everyone,
Hi everyone,
I've just configured sks 1.1.1 (default on Ubuntu) on
sks-server.randala.com. The machine has IPv6 but SKS has not yet been
assigned an address. I wonder, is there an advantage (e.g. in terms of
peering)? The server is located in Germany/EU. For now I'm deploying the
server for R
17 matches
Mail list logo
