[Sks-devel] Reverse-Proxy Test Request

2013-05-15 Thread John Marshall
Greetings All, keys.riverwillow.net.au has just had some long-overdue TLC. I have upgraded from 1.1.3 to 1.1.4 (with a complete dump and reload) and have moved the db server behind a Squid server on the same host. It looks to me like everything is working as it should but, given some of the reve

Re: [Sks-devel] Reverse Proxy

2012-04-28 Thread Daniel Kahn Gillmor
On 04/28/2012 09:39 PM, John Clizbe wrote: > 1.1.1? If doing an update, why not go to 1.1.3, rather than add a patch or two > to 1.1.1? > > 1.1.1 also has the broken HTML generation in it which was fixed for 1.1.2. I understand there are several changes worth importing, and I agree that the right

Re: [Sks-devel] Reverse Proxy

2012-04-28 Thread John Clizbe
Daniel Kahn Gillmor wrote: > On 04/28/2012 09:26 AM, Jens Leinenbach wrote: >> As already discussed on this list, there is this old SKS bug using POST >> requests without sending the HTTP version, so nginx denies these POST >> requests. >> And I

Re: [Sks-devel] Reverse Proxy

2012-04-28 Thread Kristian Fiskerstrand
On 29.04.2012 00:58, Daniel Kahn Gillmor wrote: > On 04/28/2012 09:26 AM, Jens Leinenbach wrote: > > > I do not recommend exposing SKS directly on port 11372, since that > would mean leaving yourself exposed directly to the same DoS attack > that t

Re: [Sks-devel] Reverse Proxy

2012-04-28 Thread Daniel Kahn Gillmor
On 04/28/2012 09:26 AM, Jens Leinenbach wrote: > As already discussed on this list, there is this old SKS bug using POST > requests without sending the HTTP version, so nginx denies these POST > requests. > And I didn't find any workaround, so that nginx can fix these requests. It looks like you're

Re: [Sks-devel] Reverse Proxy

2012-04-28 Thread Jens Leinenbach
Hi Kristian, > The workaround is to make SKS listen to e.g. port 11372, as specified > in hkp_port in sksconf, that is allowed access only by your peer list. That's an interesting idea as a workaround as nginx would not protect sks... I'll think about that. > As for the use of nginx, are you sure

Re: [Sks-devel] Reverse Proxy

2012-04-28 Thread Kristian Fiskerstrand
On 28.04.2012 15:45, Kristian Fiskerstrand wrote: > On 28.04.2012 15:26, Jens Leinenbach wrote: ... > The workaround is to make SKS listen to e.g. port 11372, as > specified in hkp_port in sksconf, that is allowed access only by > your peer list. U

Re: [Sks-devel] Reverse Proxy

2012-04-28 Thread Kristian Fiskerstrand
On 28.04.2012 15:26, Jens Leinenbach wrote: > Hi Kristian, > > I installed a reverse proxy over a week ago, but it seems not to > be recognized, as you can see here: > http://keyserver.ccc-hanau.de:11371/ngnix > http://sks-keyservers.net/status/in

[Sks-devel] Reverse Proxy

2012-04-28 Thread Jens Leinenbach
Hi Kristian, I installed a reverse proxy over a week ago, but it seems not to be recognized, as you can see here: http://keyserver.ccc-hanau.de:11371/ngnix http://sks-keyservers.net/status/info/keyserver.ccc-hanau.de To configure that, I left the SKS configuration untouched (after some known probl