Re: [Sks-devel] Gossip protocol mentor?

I'm also happy to answer questions on the list too. The advantage to that is that the answers are then searchable for others. y On Sat, Jun 29, 2019 at 8:42 PM Daniel Roesler wrote: > Great! Will email you separately. > > On Sat, Jun 29, 2019 at 7:40 PM Yaron Minsky wrote: > &

Re: [Sks-devel] Gossip protocol mentor?

I don't have a lot of time to contribute, and I haven't really thought about the implementation or the algorithms for 20 years. But I'd be happy to answer questions. y On Fri, Aug 26, 2016 at 11:34 AM Daniel Roesler wrote: > Howdy all, > > I've read through the academic paper several times,

Re: [Sks-devel] SKS apocalypse mitigation

FWIW, while I'm effectively no longer involved in SKS development, I do agree that this is a problem with the underlying design, and Andrew's suggestions all sound sensible to me. On Fri, Mar 23, 2018 at 7:10 AM, Andrew Gallagher wrote: > Hi, all. > > I fear I am reheating

Re: [Sks-devel] hg workflow pointers

Without saying anything about how to use hg (though this is a nice tutorial: http://hginit.com/), I have no objection to moving the whole thing to git and/or github. I was the one who chose hg long ago, and I no longer work on SKS enough for my opinion on such things to matter. y On Tue, Aug 1,

Re: [Sks-devel] Key subsets (was: Proposal: Start verifying self-signatures)

doable, but would require someone to really dig seriously into the SKS codebase. I'm not going to have the time to do it myself. y On Thu, May 21, 2015 at 3:29 PM Arnold sk...@mallos.nl wrote: On 20-05-15 00:18, Yaron Minsky wrote: Let's think about a simpler question: deletion. Hmm, simple

Re: [Sks-devel] Rationalization (Was: Questions regarding blocking ...)

Also, why does having more peers take more resources? The rough algorithm (IIRC) is: pick a random host from your list of peers; reconcile; wait a fixed period of time and try again. The set of hosts from which you pick a peer seems like it adds no cost. y On Sun, Aug 3, 2014 at 4:15 AM,

Re: [Sks-devel] SKS-Devel mailing-list and keyserver implementations

A minor point --- I think Phil put my name on this by mistake, since I didn't actually sign-on to this email. That said, I would like to encourage the Hockeypuck people to post here to discuss the reconciliation protocol. The protocol seems like a shared interest, and this seems like the best

Re: [Sks-devel] Hockeypuck: OpenPGP Key Server, Golang ?

Good luck on creating a new keyserver. A few quick thoughts: First, it shouldn't be too hard to improve upon SKS. I'd say the key weakness of SKS is that it is written in a very naive style without taking advantage of more modern asynchronous programming toolkits in OCaml like LWT[1] or

[Sks-devel] Moving the main repo

Just a quick note. We've moved the main repo from it's old location at https://bitbucket.org/yminsky/sks-keyserver to this one https://bitbucket.org/skskeyserver/sks-keyserver This is to use bitbucket's team system, so multiple people can manage the repo and downloads and such. I've

[Sks-devel] bitbucket transition

The bitbucket transition seems complete. Any objections to deleting the google-code project? It seems like a source of confusion... y ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Bitbucket?

On Wed, May 30, 2012 at 11:08 PM, John Clizbe jpcli...@tx.rr.com wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1,SHA256 Yaron Minsky wrote: John? Seems like you're the main person who I haven't heard a response from. How do you feel about switching to bitbucket? Sorry

Re: [Sks-devel] Bitbucket?

On Sat, May 26, 2012 at 8:35 PM, David Benfell benf...@parts-unknown.orgwrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 05/26/2012 05:12 PM, Matthew Palmer wrote: Given that (I believe) the source code to sks is already stored in a mercurial repository, it would make sense to

Re: [Sks-devel] Div.

Thanks for creating a clearly separated fork. I look forward to seeing the source! Cheers, y On Fri, May 25, 2012 at 2:05 PM, Sebastian Urbach sebast...@urbach.orgwrote: Hi, Sorry, the usual friday dump is a bit late today but it's available right now: http://key-server.org/dump/

Re: [Sks-devel] SKS 1.1.3 for Debian

I'll take a look, but it's worth noting that the thread-safety of lazy is not at issue here: sks is a single-threaded program. And if someone wanted to make it multi-threaded, I would propose using a cooperative threading library like async or lwt, which would preserve the safety of Lazy. y On

Re: [Sks-devel] simple DoS against SKS's HKP interface :/

There may be a way around this problem now, but really, to make SKS good at this kind of situation,s omeone needs to port SKS to a concurrency library like LWT or Async. That will make it much easier to deal with these problems, and to be able to handle multiple concurrent clients properly.

[Sks-devel] google-code is the home for SKS

Just to clear up any possible confusion, the home for the SKS software distribution is the google code site. http://code.google.com/p/sks-keyserver/ Please point there in preference to the old savannah site, minskyprimus.netand minsky-primus.net. y

Re: [Sks-devel] Wiki

Not to discourage the creation of a new wiki, but it's worth noting that there is a wiki available on the google code site: http://code.google.com/p/sks-keyserver/wiki/Documentation The wiki requires users to be permissioned, but I'd be happy to set up those who are interested. I don't think

Re: [Sks-devel] Woohoo!

My apologies for being slow. Getting those patches uploaded had just slipped off my stack. I don't really have a lot of time to devote to sks these days. That said, I'll try to be more responsive than I have been in reviewing and accepting patches. Putting them up as clones on the google code

Re: [Sks-devel] minskyprimus.net domain expired

My apologies. I'm in the process of transferring the domain, and will reinstate it. It's worth noting that the best place for keeping info about sks is I think the google code site: http://code.google.com/p/sks-keyserver That has the hg repos, links to the papers, and some documentation.

Re: [Sks-devel] Re: Delete key from keyserver

On Wed, Sep 8, 2010 at 3:09 AM, n...@kfwebs.net wrote: Granted this could be mitigated if only 'trusted introducers' (TI) are able to add deletion tokens ( but as long as the protocol is open, this, itself, would require a lot of thought on implementation. E.g by adding an element to the key

Re: [Sks-devel] Re: Delete key from keyserver

I think that a basic form of deletion is pretty easy, and requires no real research The algorithm is simple. You simply add a new kind of pseudo-key to be gossiped around: a deletion token. In the simplest version, the deletion token never expires; it's a permanent addition to the database. But

Re: [Sks-devel] Re: Delete key from keyserver

are not coming up with the algorithm. They're writing the code and producing the social agreement among the people hosting the keyservers. y On Tue, Sep 7, 2010 at 10:46 PM, Robert J. Hansen r...@sixdemonbag.orgwrote: On 9/7/2010 9:50 PM, Yaron Minsky wrote: I think that a basic form of deletion

Re: [Sks-devel] Re: Delete key from keyserver

they would be accepted by a given keyserver. But that goes to the policy question... y On Tue, Sep 7, 2010 at 10:28 PM, Jeff Johnson n3...@mac.com wrote: On Sep 7, 2010, at 9:50 PM, Yaron Minsky wrote: I think that a basic form of deletion is pretty easy, and requires no real research

Re: [Sks-devel] Reconciling algorithm

On Wed, Apr 28, 2010 at 6:29 PM, Jesus Cea j...@jcea.es wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 21/04/10 02:17, Yaron Minsky wrote: I am interested in knowing the *exact* algorithm/protocol SKS uses for reconciliation. I have read the two papers in the main SKS webpage

Re: [Sks-devel] Reconciling algorithm

On Tue, Apr 20, 2010 at 7:54 PM, Jesus Cea j...@jcea.es wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, everybody. I am interested in knowing the *exact* algorithm/protocol SKS uses for reconciliation. I have read the two papers in the main SKS webpage, but it is not enough to

Re: [Sks-devel] Adding DB_INIT_LOCK to sks-keyserver (revisited)

On Fri, Feb 26, 2010 at 6:56 PM, Jason Harris jhar...@widomaker.com wrote: On Fri, Feb 26, 2010 at 09:58:17PM +, Kim Minh Kaplan wrote: Jeff Johnson writes: From the 3 deadlocks I've seen, I'd guess that any moderately large (500 keys) is likely to encounter a partition tree

Re: [Sks-devel] Adding DB_INIT_LOCK to sks-keyserver (revisited)

On Wed, Feb 24, 2010 at 6:01 PM, Kim Minh Kaplan kaplan+...@kim-minh.comkaplan%2b...@kim-minh.com wrote: Jeff Johnson: BTW, can someone describe -- even superficially -- what is being attempted with the PTree store? Any details are welcomed, I'm not yet able to read OCAML code well

Re: [Sks-devel] [PATCH] Use domain names with hkp_address and recon_address

The patches look good. They've been pushed to the main repo. y On Mon, Aug 31, 2009 at 5:41 PM, Kim Minh Kaplan kaplan+...@kim-minh.comkaplan%2b...@kim-minh.com wrote: John Marshall writes: On Sun, 30 Aug 2009, 23:02 +, Kim Minh Kaplan wrote: may be the documentation change I did

Re: [Sks-devel] Improving the SKS development model

The diffs look good, and the resulting tree builds. I've pulled your changes into the repo. y On Sat, Aug 15, 2009 at 4:33 AM, Kim Minh Kaplan kaplan+...@kim-minh.comkaplan%2b...@kim-minh.com wrote: Yaron Minsky writes: Neither of those revisions appear to be in the hg repo you mentioned

Re: [Sks-devel] Improving the SKS development model

Sounds like another good patch! On Fri, Aug 14, 2009 at 2:45 PM, Kim Minh Kaplan kaplan+...@kim-minh.comkaplan%2b...@kim-minh.com wrote: Dinko Korunic writes: I reckon this is because of initial import duration (build vs pbuild) only. Personally, I am against using pbuild exactly for

Re: [Sks-devel] Improving the SKS development model

On Thu, Aug 13, 2009 at 1:40 PM, Kim Minh Kaplan kaplan+...@kim-minh.comkaplan%2b...@kim-minh.com wrote: The only interesting patches are word index patch (977e38781686) as well as a tail recursion fix (c67b2f226c24), the two last commits. I still have some other commits in a private

Re: [Sks-devel] Re: Improving the SKS development model

I did not update the CHANGELOG properly. I'll do that for the 1.1.2 release. y On Thu, Aug 13, 2009 at 3:52 AM, John Clizbe j...@mozilla-enigmail.orgwrote: Yaron Minsky wrote: One other note: I finally cut a 1.1.1 release. It is on the google code site. What patches are included? I

[Sks-devel] Improving the SKS development model

As y'all have no doubt have noticed, I haven't had a ton of time to spend on SKS development of late. But people on the list have started filling the gap, coming up with various patches to improve things. I think we need to get a more organized development model to make it easier to put together

[Sks-devel] Re: Improving the SKS development model

One other note: I finally cut a 1.1.1 release. It is on the google code site. y On Wed, Aug 12, 2009 at 9:07 PM, Yaron Minsky ymin...@gmail.com wrote: As y'all have no doubt have noticed, I haven't had a ton of time to spend on SKS development of late. But people on the list have started

Re: [Sks-devel] Improving the SKS development model

On Wed, Aug 12, 2009 at 10:06 PM, John Marshall john.marsh...@riverwillow.com.au wrote: Is there any need to move the mailing list from where it is? I am not in favour of mailing lists that encourage rich mail messages. I don't want to see list email full of HTML crud. I mostly want to

[Sks-devel] Editing the wiki

If anyone is interested in contributing to the documentation wiki on the google code site, please send me an email personally, and I will permission you for that. y ___ Sks-devel mailing list Sks-devel@nongnu.org

Re: [PATCH] unqueue the tqueue database even when mailsync is empty (was: [Sks-devel] [PATCH] Bundle IPv6, DNS fixes, sks dump fix)

In the original design of the system, repeatedly stuffing an error in the log when there were no partners available was done on purpose. The idea was that not having mailsync peers is a serious error for a public SKS server, since it means that the keys submitted to SKS will never make it into

Re: [Sks-devel] [CONTRIB] sks.pod text for enabling IPv6

2009/3/30 Phil Pennock sks-devel-p...@spodhuis.org If I cared more for the O'Caml language than I do, I'd look into contributing back patches to the language maintainers to solve this problem. But that doesn't solve the immediate problem, unless an SKS release will be delayed pending a new

[Sks-devel] More patches

I just integrated a couple more patches from the list, with some minor modifications. (I also added in an mli to the membership module. SKS is sadly short on interface files, which makes it a real pain to go back and think about the code. I'd be happy to accept more patches adding mlis...)

Re: [Sks-devel] [PATCH] HKP Timeout

I'm OK with that. 2009/3/25 Peter Pramberger pe...@pramberger.at Just remembered this - maybe SKS' internal default value should be increased? Br, Peter Original-Nachricht Betreff: [Sks-devel] HKP Timeout Datum: Tue, 13 Jun 2006 17:00:23 +0200 Von: Peter Pramberger

[Sks-devel] Patches imported

I imported the proposed patches into the hg repo, with some minor changes. People should try it out, and if the reports are good, I'll bless it as the next release. The repo can be found here: http://hg.minskyprimus.net/sks/trunk y ___ Sks-devel

Re: [Sks-devel] problems with SKS 1.0.10 when searching by key ID from GnuPG

Sorry, this is all explained by me getting all confused with the version numbers. Ignore my last post (except to point out that a new release needs to come soon...) y 2009/3/22 Daniel Kahn Gillmor d...@fifthhorseman.net On 03/22/2009 10:29 PM, Yaron Minsky wrote: I'm really confused

Re: [Sks-devel] problems with SKS 1.0.10 when searching by key ID from GnuPG

I'm really confused. People have piped in in both directions on this one, so does someone have the definitive story? Is 1.0.10 the one that behaves correctly, or 1.0.9? And yes, we should get a 1.0.11 release out soon. I was waiting for the IPv6 patch to settle down and for everyone to agree

Re: [Sks-devel] [PATCH] auto-refresh membership DNS

2009/3/22 Phil Pennock sks-devel-p...@spodhuis.org The gotcha here is async DNS support in O'Caml. I'm sure I'm missing something here, but why is asynchronous DNS a requirement? Why not do the DNS queries using threads? y ___ Sks-devel mailing

Re: [Sks-devel] [PATCH] IPv6 support

On Sat, Mar 7, 2009 at 2:53 AM, Phil Pennock sks-devel-p...@spodhuis.orgwrote: On 2009-03-06 at 23:06 -0500, Yaron Minsky wrote: - Cleaned up the way that IPv4 and IPv6 logic was chosen in the code so as to reduce boilerplate let foo = bar in in the middle of a list. I have a lot

Re: [Sks-devel] [PATCH] IPv6 support

I'm really happy to see these changes being tried out. I'll read over the diff today and try to get you some feedback. y On Thu, Mar 5, 2009 at 2:24 AM, Phil Pennock sks-devel-p...@spodhuis.orgwrote: On 2009-03-02 at 02:52 -0800, Phil Pennock wrote: Can those with more experience in OCaml

Re: [Sks-devel] SKS RAM usage gone haywire

On Sat, Feb 14, 2009 at 6:14 PM, Phil Pennock sks-devel-p...@spodhuis.orgwrote: I begin to wonder if recon is sub-optimal with a large delta of keys to send and also to wonder if I should bump learn to read OCaml up my priority list -- I'm managing to navigate the sks source faster already,

Re: [Sks-devel] How to delete single keys from the SKS keyserver

On Wed, Jun 4, 2008 at 2:56 AM, Patrick Rother [EMAIL PROTECTED] wrote: Hello. You can use the sks drop command with a key hash as a parameter. You'll need to have a running SKS server. Althouhg having read sks help, sks --help and the man page at least two times each, I really

[Sks-devel] A new wiki

I was thinking SKS could benefit from a wiki. I've set up a very simple instiki installation for people to play around with: http://minskyprimus.net:2500/sks People should feel free to contribute or propose an alternate wiki technology if instiki is for some reason unsuitable... y

Re: [Sks-devel] sks 1.1.0

On Sun, May 11, 2008 at 4:09 PM, John Clizbe [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yaron Minsky wrote: A new release of SKS (version 1.1.0) is now available, and can be downloaded from snip * Numerix is no longer required. This should simplify

[Sks-devel] sks 1.1.0

A new release of SKS (version 1.1.0) is now available, and can be downloaded from http://minskyprimus.net/sks/releases There are a few notable changes: - Numerix is no longer required. This should simplify the build process on a number of different platforms. SKS relies instead on

[Sks-devel] An embarrassing question

This is an embarrassing question to ask about software that I wrote, but here it is. I've been poking around with the sks code trying to get it to compile on a reasonably modern system, and having some real trouble getting it up. I'm trying to build on a 64-bit centos 5 box using OCaml 3.10.2,

Re: [Sks-devel] Build failure

if anyone has actually tested out the tip of the SKS tree, but if anyone has, I would be interested in feedback. The tip of the tree is really quite untested at present. y On 8/24/07, Joerg Jaspert [EMAIL PROTECTED] wrote: On 11120 March 1977, Yaron Minsky wrote: Try the new version, and tell

Re: [Sks-devel] Build failure

Development isn't terribly active, but it's not quite dead yet. The CVS archive is quite dead, though. You can pull the latest sources from a bzr repository here: http://minsky-primus.homeip.net/sks-archive/mainline/ The server it's on is sadly a bit unreliable, but the tree has been

Re: [Sks-devel] Re: Permanent diff with pgp.srv.ualberta.ca

You can also use sks drop to delete keys that you know are bad. sks drop requires the sks db process to be running. yOn 8/21/05, Chris Kuethe [EMAIL PROTECTED] wrote: On Sun, 21 Aug 2005, Jason Harris wrote: On Sun, Aug 21, 2005 at 09:32:24AM -0600, Chris Kuethe wrote: Not sure what's going on

Re: [Sks-devel] Re: SKS v. unknown HTTP headers (was: Re: IPv6 failover?)

Minsky wrote: I still haven't heard back. Does the sks.dnsalias.nethttp://sks.dnsalias.netkeyserver work with gpg+libcurl? Has any one tried it? y On 8/13/05, Yaron Minsky [EMAIL PROTECTED] wrote: I've put the server at sks.dnsalias.net http://sks.dnsalias.net back up (just the sks db

Re: [Sks-devel] Re: SKS v. unknown HTTP headers (was: Re: IPv6 failover?)

On 8/20/05, David Shaw [EMAIL PROTECTED] wrote: On Sat, Aug 20, 2005 at 07:00:30AM -0400, Yaron Minsky wrote: On 8/19/05, David Shaw [EMAIL PROTECTED] wrote: I just tried it. It does not work. Harumph. So I'm just confused. Here's the code in the current version: match request with /pks/add

Re: [Sks-devel] Re: SKS v. unknown HTTP headers (was: Re: IPv6 failover?)

OK, I just applied another patch that I think should work better. Tell me if it looks good. yOn 8/20/05, David Shaw [EMAIL PROTECTED] wrote: On Sat, Aug 20, 2005 at 07:00:30AM -0400, Yaron Minsky wrote: On 8/19/05, David Shaw [EMAIL PROTECTED] wrote: I just tried it. It does not work. Harumph

Re: [Sks-devel] Re: SKS v. unknown HTTP headers (was: Re: IPv6 failover?)

, Aug 09, 2005 at 09:54:07PM -0400, Yaron Minsky wrote: mentioned. Could a couple people try out the latest release and see if it seems OK? If no one complains over the next few days, I will put out a new Seems to be working fine on pks.aaiedu.hr.Are you sure?Sending a key using GPG 1.4.2+libcurl

Re: [Sks-devel] Re: SKS v. unknown HTTP headers (was: Re: IPv6 failover?)

I just committed a version of Jason's patch to my mainline tree. Any other patches not there that people think worth of inclusion before I bless another release? YaronOn 8/6/05, Peter Palfrader [EMAIL PROTECTED] wrote: On Fri, 05 Aug 2005, Yaron Minsky wrote: As you can tell from the SKS

Re: [Sks-devel] Re: SKS v. unknown HTTP headers (was: Re: IPv6 failover?)

As you can tell from the SKS keyserver, I'm no expert on HTTP. Under what circumstances is the character in question an =, and in what case is it a %? Are there any other possibilities? yOn 8/5/05, Jason Harris [EMAIL PROTECTED] wrote: On Thu, Aug 04, 2005 at 07:54:09AM -0400, David Shaw wrote:

Re: [Sks-devel] keyserver.afoyi.com

It should be automatic: if you peer with any of the hosts that are already there, then it should just trace the graph and find everyone there. At least that was my impression. By that standard, would you expect your machine to already be listed? Perhaps the graph-tracing program is busted... yOn