-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 2012-05-13 22:33, Phil Pennock wrote:
> I remain tempted to drop the IPv4 record from sks.spodhuis.org,
> leaving the client hostname as IPv6-only; one day, when I need to
> reclaim that IPv4 address, I will do so, but not just yet. I'm
> please
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 2012-05-13 22:38, Phil Pennock wrote:
> On 2012-05-13 at 16:33 -0400, Phil Pennock wrote:
>> When I do reclaim the IPv4, I'll probably split sks/sks-peer to
>> two different IPv6 addresses and set up appropriate
>> packet-filtering on the v6 addre
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 2012-05-13 22:33, Phil Pennock wrote:
> On 2012-05-13 at 15:20 -0500, John Clizbe wrote:
>
> Hrm. When I was new to SKS, I set up "sks.spodhuis.org" and
> "sks-peer.spodhuis.org". My hope was to use different filtering
> on different addresse
On 2012-05-13 at 16:33 -0400, Phil Pennock wrote:
> When I do reclaim the IPv4, I'll
> probably split sks/sks-peer to two different IPv6 addresses and set up
> appropriate packet-filtering on the v6 address, so that peering can
> remain up even in the face of Do
On 2012-05-13 at 15:20 -0500, John Clizbe wrote:
> So I'd restate Kristen's requirement as a server's peers need to have in their
> membership file the name in the host's sksconf file, be that an A record or a
> CNAME (or an entry in /etc/hosts). In actual practice, this is, as Kristen
> described
Kristian Fiskerstrand wrote:
> On 2012-05-13 17:43, Giovanni Mascellani wrote:
>> Hi.
>
>> Il 13/05/2012 16:41, Gabor Kiss ha scritto:
>>> OK. I understand the situation. Sksconf and peer's membership
>>> files must contain the _same_ name whatever it is. In this case
>>> Giovanni must decide wh
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 2012-05-13 17:43, Giovanni Mascellani wrote:
> Hi.
>
> Il 13/05/2012 16:41, Gabor Kiss ha scritto:
>> OK. I understand the situation. Sksconf and peer's membership
>> files must contain the _same_ name whatever it is. In this case
>> Giovanni m
Hi.
Il 13/05/2012 16:41, Gabor Kiss ha scritto:
> OK. I understand the situation. Sksconf and peer's membership
> files must contain the _same_ name whatever it is.
> In this case Giovanni must decide what name to use.
I changed the hostname in the configuration, although I find it a rather
funny
> I'd turn it the other way around. The hostname in sksconf is a
> principal identifier of the server, no matter which alias is used to
> access it, so the only one that can be used without getting duplicates
> in the pool.
>
> The hostname in sksconf should reflect the primary DNS names it is
> a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 2012-05-13 16:26, Gabor Kiss wrote:
>> Easiest way around it is using a properly defined membership file
>> that reference the hostname found in the sksconf. This is one of
>> the reasons I've provided a reference membership file[1].
>
> It seems
On May 13, 2012, at 10:26 AM, Gabor Kiss wrote:
>> Easiest way around it is using a properly defined membership file that
>> reference the hostname found in the sksconf. This is one of the
>> reasons I've provided a reference membership file[1].
>
> It seems to be easy like replacing all domain
> Easiest way around it is using a properly defined membership file that
> reference the hostname found in the sksconf. This is one of the
> reasons I've provided a reference membership file[1].
It seems to be easy like replacing all domain names by IP
addresses in configuration files but principa
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 2012-05-13 16:00, Gabor Kiss wrote:
>> Nor is the cross-peering check in the meta page used for
>> anything, it is only there for convenience for the keyserver
>> operators.
>
> Bingo. It is the convenience what I miss. :-) I'm a keyserver
> oper
> Nor is the cross-peering check in the meta page used for anything, it
> is only there for convenience for the keyserver operators.
Bingo. It is the convenience what I miss. :-)
I'm a keyserver operator.
Actual status page is confusing and makes me nervous
because it reports error even it is all
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 2012-05-13 15:36, Gabor Kiss wrote:
>> * The change to use hostname reported in status page as basis,
>> which removed quite a few duplicates, and two -- three keyservers
>> removed due to lack of FQDN in that hostname.
>
> BTW. One of my peers i
On May 13, 2012, at 9:37 AM, Kristian Fiskerstrand wrote:
> -BEGIN PGP SIGNED MESSAGE-
>
> Incidentally, which server is that? Would be nice to see in the pool
keys.n3npq.net (virtual host on mashpee.jbj.org) SHOULD
have an apache2 reverse proxy in place.
OTOH I'm WebFU challenged, and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 2012-05-13 15:29, Jeffrey Johnson wrote:
>
> On May 13, 2012, at 9:05 AM, Kristian Fiskerstrand wrote:
>
>>
>>
>
> Putting a band-aid on an issue isn't the best engineering, nor is
> reverse proxy necessarily the "best" engineering solution e
> * The change to use hostname reported in status page as basis, which
> removed quite a few duplicates, and two -- three keyservers removed
> due to lack of FQDN in that hostname.
BTW.
One of my peers is keyserver.uz.sns.it.
On page http://sks-keyservers.net/status/info/keys.niif.hu
it is marked
On May 13, 2012, at 9:05 AM, Kristian Fiskerstrand wrote:
>
> So more reverse-proxy enabled servers* would be a good thing for the
> pool.
>
As usual, I find myself with a minority/contrarian and likely controversial
opinion:
Are reverse proxy servers really a good thing?
There's a
> But in the end , whether it is 45, 65 or 105 I don't necessarily care,
> as long as there are enough to provide good results to the pool.
Eeeerrr unfortunately two weeks ago somebody wrote on an other
mailing list that PGP is dead. Then I confuted him with growing
number of key servers.
Now
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 2012-05-13 13:58, Kristian Fiskerstrand wrote:
> On 2012-05-13 07:48, Gabor Kiss wrote:
>> Dear Kristian,
>
>
> * Updating the pool more frequently, it now updates every two
> hours (why is it relevant that it is updating more frequently?
> Sin
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 2012-05-13 07:48, Gabor Kiss wrote:
> Dear Kristian,
>
>>
>
>> [1] http://sks-keyservers.net/status/
>
> This is quite strange. On April 30 there were 92 servers in the
> pool. Today your status page shows 47 only.
>
Hi Gabor,
I haven't loo
Dear Kristian,
> I have today pushed changes to my production server that affects the
> keyserver pools
> * eu.pool.sks-keyservers.net (Europe)
> * na.pool.sks-keyservers.net (North America)
> * oc.pool.sks-keyservers.net (Oceania) *
>
> The changes are related to calculation of DNS Service Re
23 matches
Mail list logo