[Sks-devel] seeking peers for sks01.pod01.fleetstreetops.com

2018-10-02 Thread Todd Fleisher
ed a keydump from https://keyserver.mattrude.com/dump/, dated 2018-10-01. I see 5333430 keys loaded. For operational issues, please contact me directly. sks01.pod01.fleetstreetops.com 11370 # Todd Fleisher 0x030C8D58A26E7D1264044A0BD16C3A41949D203A Thanks, Todd Fleisher signature.asc Descrip

[Sks-devel] Peering Issues - High IO ending with Eventloop.SigAlarm always occur with 1 peer

2018-10-08 Thread Todd Fleisher
Hi All, I recently joined the pool and started having an issue after adding a second external peer to my membership file. The symptoms are abnormally high IO load on the disk whenever my server tries to reconcile with the second peer (149.28.198.86), ending with a failure message "add_keys_merge fai

Re: [Sks-devel] Peering Issues - High IO ending with Eventloop.SigAlarm always occur with 1 peer

2018-10-10 Thread Todd Fleisher
he mesh. -T > On Oct 8, 2018, at 1:54 PM, Todd Fleisher wrote: > > Hi All, > I recently joined the pool and started having an issue after adding a second > external peer to my membership file. The symptoms are abnormally high IO load > on the disk whenever my server tries to

[Sks-devel] Replacing sks01.pod01.fleetstreetops.com & sks02.pod01.fleetstreetops.com with load balanced setups

2018-11-16 Thread Todd Fleisher
l notice when I fold the 2 older hostnames into the load balanced pools. If others are interested in peering with me, below are the lines to add to your membership files: sks.pod01.fleetstreetops.com 11370 # Todd Fleisher 0x030C8D58A26E7D1264044A0BD16C3A41949D203A sks.pod02.fleetstr

Re: [Sks-devel] sks.daylightpirates.org is staying...again

2018-11-21 Thread Todd Fleisher
> On Nov 21, 2018, at 12:59 PM, Yegor Timoshenko > wrote: > >> Do you happen to have a long-term patch also, or just the >> hardcoded poison key? > > I don't, and most importantly, I don't think a long-term patch is > even possible without completely overhauling SKS. This may be true, but rega

Re: [Sks-devel] sks.daylightpirates.org is staying...again

2018-11-26 Thread Todd Fleisher
> On Nov 22, 2018, at 2:56 AM, Tobias Mueller wrote: > > Hi, > > On Wed, 2018-11-21 at 15:42 -0800, Todd Fleisher wrote: >> onto the public SKS network that many people rely on every day. > do we have actual numbers here? An organization I work with has 600+ public k

Re: [Sks-devel] Peering Issues - High IO ending with Eventloop.SigAlarm always occur with 1 peer

2018-12-12 Thread Todd Fleisher
that can be done to reduce this extra IO load (https://imgur.com/a/wHPYGsK) -T > On Dec 11, 2018, at 10:10 AM, Todd Fleisher wrote: > > Signed PGP part > I had gotten things under control after sending this, but starting yesterday > it

Re: [Sks-devel] Unusual traffic for key 0x69D2EAD9 and 0xB33B4659

2019-02-06 Thread Todd Fleisher
I also applied these configuration options earlier today to all the servers in 1 of my pools that was experiencing high IO load and repeated SigAlarms: command_timeout: 600 wserver_timeout: 30 max_recover: 150 And since then, everything has been quiet: IO on the main node that gossips externally

Re: [Sks-devel] Quick and dirty test

2019-02-06 Thread Todd Fleisher
FYI - that site generates an untrusted ssl certificate warning and after acknowledging that I get an error that the site couldn't be found on dreamboat. Sent from the Fleishphone > On Feb 6, 2019, at 19:15, Gunnar Wolf wrote: > > Kiss Gabor (Bitman) said [Tue, Jan 29, 2019 at 07:56:32PM +0100

Re: [Sks-devel] Excessive use of /var/lib/sks/DB/log.*

2019-02-06 Thread Todd Fleisher
This sounds like you are missing the recommended DB_CONFIG values to prevent your server from holding onto those log files when an issue is encountered. As I recall, the fix is to start over from scratch and rebuild after first putting that file in place. It is covered in the list archives and I

Re: [Sks-devel] Unusual traffic for key 0x69D2EAD9 and 0xB33B4659

2019-02-08 Thread Todd Fleisher
> On Feb 6, 2019, at 4:21 PM, Todd Fleisher wrote: > > Signed PGP part > I also applied these configuration options earlier today to all the servers > in 1 of my pools that was experiencing high IO load and repeated SigAlarms: > command_timeout: 600 > wserver_timeout: 30 &

Re: [Sks-devel] Quick and dirty test

2019-02-11 Thread Todd Fleisher
2151 <https://gist.github.com/diafygi/3f344c22f8a37a7b2151> -T > On Feb 7, 2019, at 6:49 AM, Gunnar Wolf wrote: > > Todd Fleisher said [Wed, Feb 06, 2019 at 08:24:38PM -0800]: >> FYI - that site generates an untrusted ssl certificate warning and >> after acknowledging that I

Re: [Sks-devel] Quick and dirty test

2019-02-11 Thread Todd Fleisher
Correction, the actual URL for the code to generate the visualization is @ https://github.com/Timi7007/SKS-Keyserver-Gossip-Network-Graph -T > On Feb 11, 2019, at 4:23 PM, Todd Fleisher wrote: > > Signed PGP

Re: [Sks-devel] Annoying malicious keys - any easy solution?

2019-02-17 Thread Todd Fleisher
Do you (or others) see any side effects to this approach? I’m particularly wondering if it would cause your server to fall behind if it repeatedly closes connections from its peers. -T > On Feb 17, 2019, at 3:00 AM, Andreas Puls wrote: > > > > On 17.02.2019 at 11:54, Gabor Kiss wrote:

Re: [Sks-devel] SKS scaling configuration

2019-02-17 Thread Todd Fleisher
Hi Jonathon, I've previously spoken with Kristian about this off-list in an attempt to improve the performance & resilience of my own server(s) pool(s), so let me share his recommendations which I’ve been using with minimal issues. The setup uses a caching NGINX server to reduce load on the back

Re: [Sks-devel] seeking peers for keyserver.vanbaak.eu

2019-02-17 Thread Todd Fleisher
> On Feb 16, 2019, at 6:19 AM, Michiel van Baak wrote: > > I am running SKS version 1.1.6, on keyserver.vanbaak.eu. > The GOSSIP part is running on sks.pgp.vanbaak.eu because of internal > routing and IP policies. Can you clarify what you are trying to convey here? Both of those hostnames resol

Re: [Sks-devel] seeking peers for keyserver.vanbaak.eu

2019-02-17 Thread Todd Fleisher
work to have the gossip using a different hostname/IP. -T > On Feb 17, 2019, at 10:23 AM, Michiel van Baak wrote: > > On Sun, Feb 17, 2019 at 09:26:55AM -0800, Todd Fleisher wrote: >>> On Feb 16, 2019, at 6:19 AM, Michiel van Baak wrote: >>> >>>

Re: [Sks-devel] seeking peers for keyserver.vanbaak.eu

2019-02-17 Thread Todd Fleisher
> On Feb 17, 2019, at 11:29 AM, Michiel van Baak wrote: > > On Sun, Feb 17, 2019 at 10:51:58AM -0800, Todd Fleisher wrote: >> I see. The resolver I used only showed me your IPV4 addresses. Perhaps a >> more seasoned list member can advise if this will work properly as

Re: [Sks-devel] SKS scaling configuration

2019-02-25 Thread Todd Fleisher
> On Feb 23, 2019, at 8:35 PM, Jeremy T. Bouse > wrote: > I didn't have as many locations configured as you show in your example but it > looked like you were defining the map but I didn't see it being used in any > of your location blocks unless I'm missing something. Shouldn't you be using >

Re: [Sks-devel] SKS scaling configuration

2019-03-04 Thread Todd Fleisher
atus; >> } >> } >> The NGINX configuration appears to be working fine for me... My 3 backend >> nodes are operating as I expect as well.. The problem I'm seeing exhibited >> currently is that my primary node which is running along with NGINX seems to >>

Re: [Sks-devel] Debugging a corrupted key

2019-03-06 Thread Todd Fleisher
If I understand your statement, if you are trying to remove bad data from a key that’s already in the network that is not possible. Once it’s in the network you can only append new attributes to the key, you cannot remove existing data from it. It’s basically a one-way street. -T > On Mar 6, 2

Re: [Sks-devel] SKS scaling configuration

2019-03-06 Thread Todd Fleisher
Yeah, I thought it looked accurate. Attached is the full config for reference. I’m still seeing issues where nginx frequently caches stats data from one of the non-primary nodes even when I verify the primary node is responding when I query it directly on its internal 10-net IP address. It’s pu

Re: [Sks-devel] SKS Performance oddity

2019-03-09 Thread Todd Fleisher
I've been having similar issues this week, though it's mainly high IO load/wait that is the issue. Also it's not been my primary nodes that recon with the outside world, but some of my secondary nodes that only peer internally. I've been restoring them by replacing the DB & PTree files/dirs from

Re: [Sks-devel] exception Bdb.DBError

2019-03-13 Thread Todd Fleisher
If running db_recover doesn’t work, I would recommend re-building your DB from an SKS dump. -T > On Mar 13, 2019, at 9:35 AM, fuat wrote: > > hello, I get the following error. > > Fatal error: exception Keydb.Unsafe.No_db > > This error occurred when the gossip was set with the servers. befo

Re: [Sks-devel] exception Bdb.DBError

2019-03-13 Thread Todd Fleisher
Improper directory ownership would generate a different fatal error: Fatal error: exception Bdb.DBError("caml_dbenv_open: open failed.: Permission denied") -T > On Mar 13, 2019, at 9:54 AM, Jeremy T. Bouse > wrote: > > Signed PGP part > > > On 3/13/2019 12:35 PM, fuat wrote: > > hello, I g

Re: [Sks-devel] DNS broken for hkps.pool.sks-keyservers.net

2019-03-18 Thread Todd Fleisher
The GNUPG-users post mentions something that may be the root cause: The status page for sks-keyservers.net shows no hosts are currently available via hkps but other ports are available. https://sks-keyservers.net/status/ I’m speculating here, but if whatever Kri

Re: [Sks-devel] DNS broken for hkps.pool.sks-keyservers.net

2019-03-18 Thread Todd Fleisher
Thanks Kristian, looks like it’s resolving now. -T > On Mar 18, 2019, at 10:08 AM, Kristian Fiskerstrand > wrote: > > Well, it's a simple enough issue. The CRL expired, so no host validated > anymore. Services should be returning to normal soon enough. Thanks for > the ping. signature.asc

Re: [Sks-devel] hkps and reverse proxy

2019-03-18 Thread Todd Fleisher
> On Mar 18, 2019, at 11:06 AM, fuat wrote: > > hkps on my server is running. That sounds accurate, based on what I am seeing @ https://sks.teknoloji360.com > ... > > do I need to add hkps servers to my membership file? The membership file con

Re: [Sks-devel] hkps and reverse proxy

2019-03-18 Thread Todd Fleisher
> On Mar 18, 2019, at 9:40 AM, fuat wrote: > > hkps to be active ServerAlias I need to notify the servers I have > defined? > > everything works when I do apache proxy settings via static ip. > however, sks-keyservers.net does not detect the sks that I run on local > ip with apache when I make p

Re: [Sks-devel] keys.niif.hu is back on the air (Was: Cannot rebuild keys.niif.hu)

2019-03-26 Thread Todd Fleisher
How much RAM are you (or others) finding is sufficient? I bumped mine up to 8GB a while back, but lately even that isn’t enough at times I’ve had my primary nodes that gossip with the outside world crash numerous times due to out of memory errors: https://imgur.com/a/GVJwu4i

Re: [Sks-devel] Fulfilled disk

2019-03-28 Thread Todd Fleisher
Do you have the needed DB_CONFIG files in your DB & PTree directories? This used to happen to me before I put those in place and rebuilt my databases. Sent from the Fleishphone > On Mar 28, 2019, at 22:02, Kiss Gabor (Bitman) wrote: > > Yesterday someone started to fill /var/lib/sks/DB with 1

Re: [Sks-devel] startup troubles

2019-05-30 Thread Todd Fleisher
Before trying to tackle the issue you are having with the init script, I believe you will want to install the latest SKS version 1.1.6 (Release notice: https://lists.nongnu.org/archive/html/sks-devel/2016-08/msg0.html ).

Re: [Sks-devel] understanding error message

2019-06-03 Thread Todd Fleisher
I’ve never seen those particular errors, but can you share your sksconf & membership files to see if there is anything obviously incorrect within? FWIW, I cannot query your server @ http://keyserver.taygeta.com:11371/pks/lookup?op=stats w

Re: [Sks-devel] proxy config

2019-06-06 Thread Todd Fleisher
Hi Skip, According to the stats page on your server (http://keyserver.taygeta.com:11371/pks/lookup?op=stats ), you only have 2250084 keys loaded. Mine shows 5512048, which means you are missing 3261964 keys which is well above what you sho

Re: [Sks-devel] open files

2019-06-19 Thread Todd Fleisher
Are you sure you didn’t do a fast build? I originally did a normal build on my servers, but due to the initial issues causing me to have to rebuild several times I switched to fast build to save time. I am still running that way currently and can confirm my sks db process has the dump files open

[Sks-devel] Recon lag?

2019-06-19 Thread Todd Fleisher
Is anyone else noticing lag in the recon process based on the number of keys your servers have compared to the max listed @ https://sks-keyservers.net/status/ ? I graph that for my servers that gossip with the outside world and am noticing a much higher delta

Re: [Sks-devel] Ten thousands new keys

2019-06-19 Thread Todd Fleisher
Yikes! This probably explains the lag I inquired about in my last email to the list. https://i.imgur.com/Wd77BFF.jpg Any insight into the source of the influx? -T > On Jun 19, 2019, at 11:24 AM, Kiss Gabor (Bitman) wrote: > > In the last 3 days some 3 ne

Re: [Sks-devel] The pool is shrinking

2019-06-21 Thread Todd Fleisher
> On Jun 21, 2019, at 8:00 AM, Skip Carter wrote: > > Signed PGP part > As a newcomer to the pool, I have to agree. > There are several impediments to becoming a keyserver that just > shouldn't be and the need for daily poking at it is just one of those > things. There were several times where I

Re: [Sks-devel] production tweaks

2019-07-01 Thread Todd Fleisher
> On Jun 17, 2019, at 9:37 AM, Skip Carter wrote: > > Signed PGP part > Thanks. Is there a document describing what can go into sksconf https://github.com/cmars/sks-keyserver/blob/master/sampleConfig/sksconf.typical

Re: [Sks-devel] The pool is shrinking

2019-07-01 Thread Todd Fleisher
SKS logs to syslog, so it gets picked up by log rotate automatically. As for the DB itself, make sure you put the sample DB_CONFIG file in place in your KDB/DB and PTree directories before you started the SKS DB process to handle the DB log files. -T > On Jun 23, 2019, at 9:05 AM, Skip Carter

Re: [Sks-devel] Extreme memory usage

2019-07-17 Thread Todd Fleisher
To Gabor’s point, I see some similar behavior on my nodes intermittently: https://i.imgur.com/aEePr6J.jpg It seems to clear up on its own get automatically restarted by systemd after OOM kills it so for the most part it doesn’t appear to impact my pool from ser

[Sks-devel] Fwd [from schleuder dev team]: Signature-flooded keys: current situation and mitigation

2019-07-18 Thread Todd Fleisher
FYI > Begin forwarded message: > > From: t...@schleuder.org > Subject: Signature-flooded keys: current situation and mitigation > Date: July 17, 2019 at 1:07:19 PM PDT > To: schleuder-annou...@lists.nadir.org > > > Dear Schleuder admins and users, > > In the last weeks the SKS keyservers that

Re: [Sks-devel] The pool is shrinking

2019-08-16 Thread Todd Fleisher
> On Aug 16, 2019, at 10:19 AM, Kiss Gabor (Bitman) wrote: > >> So to answer your questions: > > Ryan, have you ever seen this funny picture? :) > http://en.wikipedia.org/wiki/File:DoNotFeedTroll.svg > > Gabor +1 to this sentiment If some really want to continue to debate particulars of the

Re: [Sks-devel] The pool is shrinking

2019-08-16 Thread Todd Fleisher
> On Aug 16, 2019, at 10:24 AM, Stefan Claas wrote: > > DevPGSV Pablo wrote: > > O.k. I must admit I did not think about the centralization issue, > people might have. > > Well, then operators could put that on a link of their own WWW key > server interface and Kristian could add only a colum

Re: [Sks-devel] The pool is shrinking

2019-08-16 Thread Todd Fleisher
> On Aug 16, 2019, at 10:42 AM, Ryan Hunt wrote: > > Its role as a decentralized, tamper resistant key storage solution is still > vital, and I would love it if we had the development going on to address the > stability issues, but that's simply not the case at this point in time and > until th

Re: [Sks-devel] GDPR (equine corpse)

2019-08-17 Thread Todd Fleisher
> On Aug 17, 2019, at 8:46 AM, Stefan Claas > wrote: > > Anonymity is a very important point when one likes to communicate securely > and anonymously! > > For that purpose Anonymous Remailers with a Nym account are in service > for many years. It requires on the users sid

Re: [Sks-devel] GDPR (equine corpse)

2019-08-17 Thread Todd Fleisher
> On Aug 17, 2019, at 18:00, Stefan Claas wrote: > > Todd Fleisher wrote: > >>> On Aug 17, 2019, at 8:46 AM, Stefan Claas >> <mailto:s...@300baud.de>> wrote: >>> >>> Anonymity is a very important point when one likes to communicate s

[Sks-devel] New GPGTools release & reliance on SRV records

2019-08-26 Thread Todd Fleisher
Hi Kristian & other SKS operators, The team @ GPGTools.Org released their latest version (2019.1) last week on August 22nd. New installations of this release use keys.openpgp.org as the default key server & upgrades to this release prompt users t

Re: [Sks-devel] ProxMox/Debian 10.1 gnupg2 notice:

2019-09-10 Thread Todd Fleisher
Hendrik, Thanks for sharing this. It seems the latest GPG Tools release for macOS integrated the same behavior and is stripping valid 3rd party signatures from newly downloaded or updated keys. I’m trying to work around it, but so far no luck trying to use that option via the command line or in

Re: [Sks-devel] ProxMox/Debian 10.1 gnupg2 notice:

2019-09-11 Thread Todd Fleisher
0, 2019, at 10:27 PM, Todd Fleisher wrote: > > Signed PGP part > Hendrik, > Thanks for sharing this. It seems the latest GPG Tools release for macOS > integrated the same behavior and is stripping valid 3rd party signatures from > newly downloaded or updated keys. I’m trying to w

Re: [Sks-devel] No peers/status?

2019-09-30 Thread Todd Fleisher
Gabor, SKS on port 11371 will not have SSL, so the URL should be http://sks.e-utp.net:11371/pks/lookup?op=stats … https on port 443 for that URL does return data: https://sks.e-utp.net/pks/lookup?op=stats -T > On Sep 30, 2019, at 10:41 AM, Kiss Gabor

Re: [Sks-devel] No peers/status?

2019-09-30 Thread Todd Fleisher
Weird, but I thought it did that to me once too. But after clearing cache & cookies I couldn’t reproduce it so I wrote it off. It also doesn’t do that for me using curl … so I thought maybe HSTS related, but I don’t see that header being sent so I dunno. Maybe the operator is/was making some cha

Re: New peers request

2019-12-10 Thread Todd Fleisher
Hi Christoph, Just wanted to check if you were having better luck as I know some people who point directly to your server vs. one of the pools and it seems to be returning a 502 error currently. -T > On Nov 22, 2019, at 12:49 AM, Christoph Martin wrote: > > Hi Skip, > > On 21.11.19 at 17:04

Re: The state of peer connectivity

2019-12-31 Thread Todd Fleisher
Is this the one you are remembering: https://github.com/Timi7007/SKS-Keyserver-Gossip-Network-Graph ? -T > On Dec 31, 2019, at 6:58 AM, Andreas Puls wrote: > > Hey Skip, > > nice work. > > I remember that another User wrote a

hkps.pool.sks-keyservers.net DNS failing to resolve

2020-01-14 Thread Todd Fleisher
Hi Kristian, Starting @ 01-14-2020 20:45:18 UTC it seems DNS is failing to resolve successfully, with the public resolvers & NS-GLOBAL.KJSL.COM returning NXDOMAIN & the remaining authoritative servers for the returning REFUSED. Results can be seen here: https://pastebin.com/raw/JweLJyYL

Re: hkps.pool.sks-keyservers.net DNS failing to resolve

2020-01-14 Thread Todd Fleisher
eyservers.net/status/ - (HKPS RED) > > Kind regards, > > David. > > On 15.01.2020 at 00:25, Todd Fleisher wrote: >> Hi Kristian, >> Starting @ 01-14-2020 20:45:18 UTC it seems DNS is failing to resolve >> successfully, with the public resolvers & NS-GLOBAL.K

Re: hkps.pool.sks-keyservers.net DNS failing to resolve

2020-01-14 Thread Todd Fleisher
e: > > Hi Todd, > > For HKPS you must be added by Kristian to his self signed cert, without > this you don't get listed as HKPS-capable node. > > David. > > On 15.01.2020 at 02:05, Todd Fleisher wrote: >> Hi David, >> Good catch, that would explain it. I

Re: hkps.pool.sks-keyservers.net DNS failing to resolve

2020-01-15 Thread Todd Fleisher
> wrote: > > On 15.01.2020 02:28, Todd Fleisher wrote: >> Hopefully Kristian finds and fixes his issue in the morning. > > thanks for the heads up everyone; should be back up on next update run > (cause: crl expired) > -- > ---

Re: 6 million

2020-04-14 Thread Todd Fleisher
> On Apr 14, 2020, at 10:29, brent s. wrote: > >> What benefits do you have as an SKS operator, to still support such >> old and dangerous GnuPG/SKS client-server model, in 2020? > > Are you on this list just to troll or do you have anything useful to say? So much this. Some of us have a legiti

Re: 6 million

2020-04-14 Thread Todd Fleisher
are alternate key server environments that help meet this need even if I don’t like other things about said key servers. > On Apr 14, 2020, at 12:46, Stefan Claas wrote: > > Todd Fleisher wrote: > >> So much this. Some of us have a legitimate need for what SKS provide

Re: 6 million

2020-04-14 Thread Todd Fleisher
> On Apr 14, 2020, at 14:32, Stefan Claas wrote: > > I don't know why they are saying this, but if you would download my CA > certified > public key block from their server, the CA sig3 is on my public key block. If I had to guess, I’d say they allow you to upload your own public key and don’t

Updated GPG Key

2020-05-21 Thread Todd Fleisher
Hi Kristian, The copy of your GPG key I have expired at the end of last year & the copy available via the SKS network is 27MB which indicates it has been poisoned with bogus signatures. Can you please send an updated copy of your key and/or upload it to keys.openpgp.org

Re: Updated GPG Key

2020-05-21 Thread Todd Fleisher
5 trust: 866-, 1q, 0n, 0m, 1f, 0u gpg: next trustdb check due at 2020-05-23 -T > On May 21, 2020, at 12:45, Wiktor Kwapisiewicz wrote: > > On 21.05.2020 20:31, Todd Fleisher wrote: >> Cc’ing the list in case someone else has a good, current copy of it and >> could send it m

Desperately Seeking Kristian - SKS HKPS certificate renewals

2020-06-11 Thread Todd Fleisher
Hi all, Has anyone seen or heard from Kristian in the last month or so? I’ve reached out several times off list about the upcoming expiration of my server’s certificate for the HKPS pool but have not received any response. My certificate expires in 10 days, at which point I will no longer be abl

Re: Desperately Seeking Kristian - SKS HKPS certificate renewals

2020-06-12 Thread Todd Fleisher
Thanks for the suggestion, Gabor. He doesn’t appear to have been active there since last summer, but it can’t hurt to try. -T > On Jun 11, 2020, at 21:19, Gabor Kiss wrote: > > On Thu, 11 Jun 2020, Todd Fleisher wrote: > >> Has anyone seen or heard from Kristian in the last

Re: Desperately Seeking Kristian - SKS HKPS certificate renewals

2020-06-22 Thread Todd Fleisher
CNAME. While I was writing this I see the DNS CNAME has updated so I should stop receiving requests I cannot service without a new certificate. 25 days until Dan Austin’s certificates expire on the remaining nodes in the pool. -T > On Jun 11, 2020, at 11:13, Todd Fleisher wrote: > >

Re: Desperately Seeking Kristian - SKS HKPS certificate renewals

2020-06-25 Thread Todd Fleisher
FYI - the SKS certificate for sks.pod02.fleetstreetops.com has now been renewed so it is back in service for the hkps.pool.sks-keyservers.net CNAME as of ~2138 UTC. -T > On Jun 22, 2020, at 10:55

Re: Desperately Seeking Kristian - SKS HKPS certificate renewals

2020-08-03 Thread Todd Fleisher
I posted a reply noting it’s not clear from the GitHub issue whether they were trying to contact the HKPS pool or trying to access the non-HKPS pool with SSL. In the linked Endeavour thread, Ben mentions: It appears to be an error with the SSL certificate of pool.sks-keyservers.net

Re: DB error in crontab

2020-09-08 Thread Todd Fleisher
It seems you may have a Berkeley DB problem on your system. From https://web.stanford.edu/class/cs276a/projects/docs/berkeleydb/api_c/log_archive.html : Errors The DB_ENV->log_archive method may fail and return

Re: Sks-devel Digest, Vol 195, Issue 5

2020-09-10 Thread Todd Fleisher
Has anyone actually been able to connect to keyserver.newideatest.site on 11371 to verify the key counts or port 11370 to verify recon is up & running? I’ve been unable to get a response from either and my previous attempt to reply to one of Dan’s messages to th

Re: Sks-devel Digest, Vol 195, Issue 5

2020-09-10 Thread Todd Fleisher
Good eye, I hadn’t noticed that one. The meta page also reports it is Vulnerable to CVE-2014-3207. While I think that alone will preclude it from being put into the pools even if it does resurface, I’d advise operators to remove the server from their membership files until that and the other iss

Re: Sks-devel Digest, Vol 195, Issue 5

2020-09-10 Thread Todd Fleisher
; > > > >> On Sep 10, 2020, at 8:18 PM, Todd Fleisher > <mailto:t...@fleetstreetops.com>> wrote: >> >> Good eye, I hadn’t noticed that one. The meta page also reports it is >> Vulnerable to CVE-2014-3207. While I think that alone will preclude i

Re: Building SKS on Alpine Linux 3.12 with ocaml 4.08

2020-10-14 Thread Todd Fleisher
I personally recommend an Ubuntu 18.04LTS system, using the somewhat patched package found @ https://launchpad.net/~canonical-sysadmins/+archive/ubuntu/sks-public/+packages to protect against the so-called “poison

Re: seeking peers for hyperboria.net.pl

2020-10-14 Thread Todd Fleisher
I have placed a current dump @ https://sks.pod02.fleetstreetops.com/dump/2020-10-15/ if anyone needs it. Otherwise, recon will need to catch up 301,510 keys based on the stats pages of http://keyserver.hyperboria.net.pl:11371/pks/lookup?op=stats & other servers that are current in the network.

Re: Building SKS on Alpine Linux 3.12 with ocaml 4.08

2020-10-15 Thread Todd Fleisher
For sure I’m not trying to preach to or convert anyone. Just (re-)offering my $0.02 regarding my experiences with SKS in particular. The same package would probably run just as well on Debian or maybe even other OS’s if you convert it to a native package. But since you brought it up … hopefully

Re: Building SKS on Alpine Linux 3.12 with ocaml 4.08

2020-10-15 Thread Todd Fleisher
> On Oct 15, 2020, at 17:58, Ángel wrote: > > First of all, those patches protect against a single poison key, > 0xE41ED3A107A7DBC7. By skipping the merge of changes to it, I think. I suppose one is better than none. I also block several other (popular?) keys that are problematic at the NGINX

Re: seeking peers for hyperboria.net.pl

2020-10-16 Thread Todd Fleisher
Adam, You can also search the list archives for a thread with subject “SKS scaling configuration” which goes into detail about how to build a more robust pool of nodes to service requests. The software is far from perfect and you will likely see some errors even under “normal” operation. I would

Re: Building SKS on Alpine Linux 3.12 with ocaml 4.08

2020-10-16 Thread Todd Fleisher
> On Oct 16, 2020, at 08:46, Skip Carter wrote: > > What are the characteristics of a poison key ? A large number of bogus 3rd party signatures applied to the public key and uploaded to the network > What makes it bad ? The key size becomes too large for GPG to process it > I wonder if there

Re: Seeking peers for openpgp.circl.lu

2021-01-20 Thread Todd Fleisher
Hi Alexandre, Your statistics page does not show you have any keys loaded: Total number of keys: 0 By contrast, the current number I show is 6096841 You should download & import from a current key dump (e.g. https://pgp.key-server.io/sks-dump ) before reque

Re: An evil idea :-)

2021-03-22 Thread Todd Fleisher
That looks more like a DNS CNAME, not a proxy. The same goes for this popular one: keys.gnupg.net is an alias for hkps.pool.sks-keyservers.net. -T > On Mar 22, 2021, at 14:42, Andreas Puls wrote: > > > On 22.03.2021 at 21:08, Kiss Gabor (Bitman) wrote: >> One can decide to setup a proxy ser

Re: Pool dried up

2021-03-22 Thread Todd Fleisher
> On Mar 22, 2021, at 13:28, Andrew Gallagher wrote: > > I happened to check the pool just now, and there are only three nodes in it: > > 1 pgpkeys.uk[@] > 2 sks.pod01.fleetstreetops.com[@] > 3 sks.pod02.fleetstreetops.com[@] > > Looking at the cached metadata it appears that when t

Re: Pool dried up

2021-03-23 Thread Todd Fleisher
> On Mar 23, 2021, at 02:38, Andrew Gallagher wrote: > > Hi, Todd. > > On 23/03/2021 03:37, Todd Fleisher wrote: >>> On Mar 22, 2021, at 13:28, Andrew Gallagher >> <mailto:andr...@andrewg.com>> wrote: >>> >>> I happened to chec

Re: Key diff anomaly

2021-04-06 Thread Todd Fleisher
Hi Robert, You may want to consider starting over once more after re-loading from a fresh key dump. Your server’s status page shows a total of 5,615,275, which is a delta of ~508,000 keys against the pool’s current mean. Having to process so many keys via the reconciliation process may put a str

Re: shutdown of pgpkeys.co.uk and pgpkeys.uk

2021-06-22 Thread Todd Fleisher
Sorry to see it end this way, but to Dan’s point all the rugs are being pulled out from under this service. I will continue running my nodes, but it does seem like the official SKS key server network has reached the end of the road. As of yesterday, all of the pool DNS records were pulled. If yo

Re: keyserver.taygeta.com on hockeypuck

2021-08-30 Thread Todd Fleisher
If I recall from previous posts, hockeypuck has issues reconciling against nodes running SKS. I believe others took to running a separate SKS node to peer with nodes in the pool and then only peer locally between your own SKS node & hockeypuck node(s). Something like: hockeypuck.taygeta.com <->

Ubuntu/Canonical keyserver admin contact

2021-12-02 Thread Todd Fleisher
Is there anyone @ Canonical/Ubuntu or who can get me in touch with the person(s) in charge of keyserver.ubuntu.com on this list? If so, could you please reach out to me off list? I sent an email to Paul Collins yesterday based on an email he sent about it back in 2

Re: Key server status

2024-03-07 Thread Todd Fleisher
I would challenge that the ubuntu server is even well maintained for day-to-day issues currently. My PGP key (0x 949D203A) was uploaded directly to their server in the past as well as being available on my nodes which they used to peer with. However, keyserver.ubuntu.com began to intermittently

Re: Key server status

2024-03-07 Thread Todd Fleisher
ubuntu server. The response was: > > {"inserted":null,"updated":null,"ignored":["rsa4096/05fa40b23af5025974c > 3b1a6c62aa8645d00d25b"]} > > I will check later if it sticks. > > (For proper public access I also updated my key at keyserve