-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Kim Minh Kaplan wrote: > Jonathon Weiss writes: > >> John Clizbe writes: >> >>> BTW, check your SKS DB port, it looks to be set to 17311, i.e., >>> -rw-r--r-- 1 sks sks 95304 Apr 1 23:35 diff-18.9.60.141_17311.txt >> >> It is, though that port is firewalled. Apache is listening on 11371 and >> forwarding requests to 17311. This was needed to deal with clients that >> were either mis-behaving, or behind a bad network. > > Beware: the SKS recon process sends the port of the SKS db server to > your peers. It means that John's recon process will try to retrieve the > missing keys on your port 17311 which is apparently not what you expect. > The result is that while your server succesfully retrieves keys from the > rest of the SKS network, the keys that have been uploaded to your server > never make it out to the rest of the world.
yep, recon.log shows: 2011-04-05 15:26:04 Requesting 250 missing keys from <ADDR_INET [18.9.60.141]:17311>, starting with 599D92EE18465DA7D2DFDAB07AD0CF53 2011-04-05 15:29:04 get_missing_keys terminated by timeout 2011-04-05 15:29:04 Requesting 250 missing keys from <ADDR_INET [18.9.60.141]:17311>, starting with 6FA843B5735D412217D4D7E90F98DD7D 2011-04-05 15:32:04 get_missing_keys terminated by timeout 2011-04-05 15:32:04 Requesting 250 missing keys from <ADDR_INET [18.9.60.141]:17311>, starting with 867433D3D5914B2BCFB3928588702DC5 2011-04-05 15:35:04 get_missing_keys terminated by timeout > To have your peers use port 11371 you will probably (not tried) have to > use a separate directories for the db and recon processes so that you > can configure each of them with different hkp_port. I started with an empty keyring and ran: for hash in $(cat diff-18.9.60.141_17311.txt) do echo $hash gpg --fetch-key http://pgp.mit.edu:11371/pks/lookup?search=${hash} \&fingerprint=on\&op=hget done sks merge .gnupg/pubring.gpg I'll see if it did any good the next time the two servers sync - -John - -- John P. Clizbe Inet: John (a) GingerBear DAWT net FSF Assoc #995 / FSFE Fellow #1797 hkp://keyserver.gingerbear.net or mailto:pgp-public-k...@gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12-svn5502-2010-12-23 (Windows XP) Comment: When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl! Comment: Be part of the £37 ECHELON -- Use Strong Encryption. Comment: It's YOUR right - for the time being. Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBCAAGBQJNm4ujAAoJECMTMVxDW9A0xRYH/0TaU3LEG2Fvhb8rBwFHKxno jYsSEWGPv1QJzEHnbemHElb8H5MLDmo0DBgrMTTO/yZ9ZB/LBOCbaHeCaEPjWV9g OeOFgUWgfEm6/biAC7oHrVMGcxka2Y9M50BhX6sruGNnqcl0/zjhR49ja6UwX8JZ WdFipbOrWzey7sGZP3U8JaICbnVB2wE2+u6jvzHe3J2VSBNkk2GG97O5a5FD7RWl q5ND8zBlM/nU3YN1T7EDWblMVWanrtngHHOdQ9LVFEHg5fTLea/IQ2bbgSI2+2fq fIpbSJ41EMA6Gghq/NiUznnWEvTIsmQXSA2/cg1BiWy8Lx1oeVmwoqdGCPiP1h+I XgQBEQgABgUCTZuLowAKCRDrXhnz1laYJc0TAP4ujXbV6Q43pXqOXK+njuSpnJ7Z mK8IZ1YPD7eTDEr5lwD/cHB6agGmOv9HQbr3ktoY8rl/1maTeultVQH/i9l6eCg= =9JAS -----END PGP SIGNATURE----- _______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/sks-devel