On Fri 2015-04-10 03:32:20 -0400, Kiss Gabor (Bitman) wrote: >> sks 1.1.5+ requires round about 300MB in main memory on key.cccmz.de and >> key.ip6.li. May be there is a problem, when haproxy is used in tcp mode to >> proxy port 11370. key.ip6.li did not have problems, but a test system has >> also >> memory problems. >> >> On key.cccmz.de I replaced haproxy solution by native IPv6 solution and IP >> NAT >> for IPv4. > > Dear Christian et al. > > This morning I did realize that keys.niif.hu is not configured at > keys.cccmz.de as peer. See > https://sks-keyservers.net/status/info/key.cccmz.de > That _can_ be the reason of extreme memory consuming at my side. :-)
I consider this a bug in SKS, if it can overconsume RAM on the basis of one misbehaving or rejecting peer. the implication is that a network attacker can force any SKS server into this state. Have you filed a bug report about this? Having a clear diagnosis of the problem (and how to reproduce it?) would be really useful. --dkg _______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel