headers
glumor | 1 Jul 2006 16:06
Picon

[spam] Visit this sites!


Visit %3Cahref%3Dhttp%3A%2F%2Farbat.or.at%2Fadipex%2F%3Ehttp%3A%2F%2Farbat.or.at%2Fadipex%2F%3C%2Fa%3E%3Cahref%3Dhttp%3A%2F%2Farbat.or.at%2Fxanax%2F%3Ehttp%3A%2F%2Farbat.or.at%2Fxanax%2F%3C%2Fa%3E%3Cahref%3Dhttp%3A%2F%2Farbat.or.at%2Fphentermine%2F%3Ehttp%3A%2F%2Farbat.or.at%2Fphentermine%2F%3C%2Fa%3E%3Cahref%3Dhttp%3A%2F%2Farbat.or.at%2Fcialis%2F%3Ehttp%3A%2F%2Farbat.or.at%2Fcialis%2F%3C%2Fa%3E%3Cahref%3Dhttp%3A%2F%2Farbat.or.at%2Fviagra%2F%3Ehttp%3A%2F%2Farbat.or.at%2Fviagra%2F%3C%2Fa%3E
Permalink | Reply | 0 comments |
headers
Jason Harris | 2 Jul 2006 22:38
Favicon

new (2006-06-25) keyanalyze results (+sigcheck)


New keyanalyze results are available at:

  http://keyserver.kjsl.com/~jharris/ka/2006-06-25/

Signatures are now being checked using keyanalyze+sigcheck:

  http://dtype.org/~aaronl/

Earlier reports are also available, for comparison:

  http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:

  http://dtype.org/keyanalyze/

SHA-1 hashes and sizes for all the "permanent" files:

35cb8b395338d1c5feb471e6dc659108e28136f4        13883562        preprocess.keys
10b4152d8d2d0e07f5970d66a400dc2bd0c9e913        8237421 othersets.txt
652878f8f5e1223a413c86cddc435758d498e82a        3358044 msd-sorted.txt

a751f9d5477744a4f5e5ce6ebad6a60908e317ee        1372    index.html
a5b29179aa73b5daf991df1c2c0f408a70048656        2291    keyring_stats
bc5240e66333a15c662a51018a6f812be30eef86        1319045 msd-sorted.txt.bz2
aa8fb7336126762039aa440e97ddcbe0e7d0ff91        26      other.txt
df50134c41c95cf0913a48bc35b19844ff6a9696        1784061 othersets.txt.bz2
a7e58804cf14e4d6e2a1dafd5390a2b01c96bce0        5630986 preprocess.keys.bz2
d8660fe429c89771a3d7349b061dd41f8b1796af        14243   status.txt
(Continue reading)

Permalink | Reply | 0 comments |
headers
Daniel Franke | 4 Jul 2006 00:23

Open permission for mailsync incrementals

All PKS key servers are welcome to send incrementals to

	pgp-public-keys <at> keyserver.nuclearwombats.net

without the need for individual permission.  Contact me if you would
like me to add you to my mailsync file.  Since this an SKS server,
other SKS servers should instead contact me about gossip peering.

--

-- 
Daniel Franke      daniel <at> franke.name       http://daniel.franke.name
|----| =|\     \\\\    
|| * | -|-\---------   Man is free at the instant he wants to be. 
-----| =|  \   ///     --Voltaire
Permalink | Reply | 0 comments |
headers
Christoph Martin | 25 Jul 2006 15:26
Picon
Picon
Favicon

Bigbrother at pgp.uni-mainz.de

As you know I am running a Bigbrother monitoring service for some PGP
keyserver on http://pgp.zdv.uni-mainz.de/bigbrother/. It is somewhat
outdated now. The serverlist is not really current. What is more a
problem, is that the software has a security hole. It is no option to
upgrade to a current Bigbrother version, since it is no longer in Debian
and is also not free.

So the question is, are people interested in a monitoring service for
keyserver? The option is to disable the service completely or to replace
it with some other software like nagios. Also we should consider how to
keep the serverlist current.

Christoph
--

-- 
============================================================================
Christoph Martin, EDV der Verwaltung, Uni-Mainz, Germany
 Internet-Mail:  Christoph.Martin <at> Verwaltung.Uni-Mainz.DE
  Telefon: +49-6131-3926337
      Fax: +49-6131-3922856
Permalink | Reply | 5 comments |
headers
Marcus Holthaus (Logintas | 26 Jul 2006 10:38
Picon

Re: Bigbrother at pgp.uni-mainz.de

Hi Christoph, folks,

there are two problems in your mail:
1. outdated and presumably insecure software
2. outdated keyserver list

As for 1.:
I am interested in a service like this, and I have consulted it
previously. It used to be handy for debugging. We do run our own
keyserver (pgpkeys.logintas.ch:11371) and we do have a Nagios up and
running. So if there is interest, we could take over the monitoring.
There would be some differences to the current service, though:
- we would define the pgp key servers as a host and service group in our
internal nagios system
- in regular intervals we would export the corresponding html result
page to one of our public webservers
- so there would not be a "login" for admins or the like, and no direct
interaction with our nagios
- also the checks would be limited to "host" (ping), smtp (25), "sks
sync (11370)" and "openpgp keyserver service" (11371), and not include
cpu load, disk, procs or other host-internal stati
- also it would look like the standard nagios result page - no fancy
blinking buttons, but the essential "key server reachable" info would be
there
- alarming would go directly to the respective host admins, and their
names might be published on the result page
- we could do an SMS alert, but max 1 per day and max 5 times in a row
(which costs us about €1-3 per host or service downtime, which we would
sponsor).
- we suffer outages ourselves sometimes... misalerts are possible though
(Continue reading)

Permalink | Reply | 4 comments |
headers
Olaf Gellert | 27 Jul 2006 11:48
Picon

Re: [pgp-keyserver-folk] Bigbrother at pgp.uni-mainz.de

Marcus Holthaus (Logintas) wrote:
> Hi Christoph, folks,
> 
> there are two problems in your mail:
> 1. outdated and presumably insecure software
> 2. outdated keyserver list
> 
> As for 1.:
> I am interested in a service like this, and I have consulted it
> previously. It used to be handy for debugging. We do run our own
> keyserver (pgpkeys.logintas.ch:11371) and we do have a Nagios up and
> running. So if there is interest, we could take over the monitoring.
[...]

Thanks for the offer. Could be useful, but maybe an
automatic process could do the job (see below)?

> As for 2:
> We would also depend on pgp key server admins to provide us with their
> host names or ips, and e-mail-addresses or sms / mobile phone numbers
> for notification. Correspondance would be using signed and possibly
> encrypted pgp e-mails. We do not expect a load of changes... pgp key
> server population has not seen that much of fluctuation, so
> administrative work would remain low, I hope.
> However, there is a graph on http://www.nongnu.org/sks/ which lists many
> SKS servers. This graph seems to be auto-generated. So there has to be a
> list of servers, or at least a way to create such a list. Anyone any
> idea about this?

The graph is autogenerated. If I remember correctly
(Continue reading)

Permalink | Reply | 2 comments |
headers
Peter Palfrader | 27 Jul 2006 12:40

keyservers MIA

Hi,

while going over my membership file I noticed that a lot of keyservers I
added over the time appear to have vanished.  If you sync only or mostly
against the keyservers below you should probably try to find a few more
additional peers.

The following keyservers from my membership file appear to be no longer
functional (I did not check any servers not in my membership file!):

- keyserver.aarg.net (bogus DNS)
- sks.keyserver.penguin.de (Connection refused)
- backup.lk.keyserver.penguin.de (No route to host)
- thedungeon.dnsalias.net (unknown host)
- sks.dnsalias.net (Connection timed out)
- keyserver.bu.edu (Connection timed out)
- keys.se.linux.org (No route to host)
- keyserver.fabbione.net (Connection refused)
- keyserver.sane.net (Connection timed out)
- pgp.ael.be (No route to host)
- misterl.net (Connection refused)
- www.linux-geeks.de (Connection refused)
- gnupg.jccc.net (unknown host)
- keys.kadath.com.ar (bogus DNS)
- pgp.cns.ualberta.ca (Connection refused)
- elephant.finux.org (Connection refused)
- keyserver.afoyi.com (unknown host)
- pgp.hpc.unm.edu (Connection refused)
- pgp.uni-mainz.de (Connection refused)
- keyserver-sks.kjsl.com:21370 (Connection refused)
(Continue reading)

Permalink | Reply | 12 comments |
headers
Fabio Massimo Di Nitto | 27 Jul 2006 12:47

Re: keyservers MIA

Peter Palfrader wrote:
> Hi,
> 

> - keyserver.fabbione.net (Connection refused)

The server did crash and i didn't notice. Thanks. It's up again now.

Fabio

--

-- 
I'm going to make him an offer he can't refuse.
Permalink | Reply | 0 comments |
headers
Christoph Martin | 27 Jul 2006 12:54
Picon
Picon
Favicon

Re: keyservers MIA

Hi,

Peter Palfrader schrieb:
> Hi,
> 
> The following keyservers from my membership file appear to be no longer
> functional (I did not check any servers not in my membership file!):
> 
> - pgp.uni-mainz.de (Connection refused)

I am working on the recovery. My sks crashed during my holiday on July
9th with a database error:

Fatal database error: Bdb.DBError("fatal region error detected; run
recovery")

Recovery is not working:

# db4.1_recover -vech .
db_recover: Finding last valid log LSN: file: 1436 offset 1264017
db_recover: Recovery starting from [1436][28]
db_recover: txnid 80000007 commit record found, already on commit list
db_recover: Recovery function for LSN 1436 1258581 failed on backward pass
db_recover: PANIC: Invalid argument
db_recover: fatal region error detected; run recovery
db_recover: fatal region error detected; run recovery
db_recover: fatal region error detected; run recovery
db_recover: fatal region error detected; run recovery
db_recover: fatal region error detected; run recovery
db_recover: fatal region error detected; run recovery
(Continue reading)

Permalink | Reply | 4 comments |
headers
Darryl Ross | 27 Jul 2006 13:41

Re: keyservers MIA

Peter Palfrader wrote:
> Hi,
> 
> while going over my membership file I noticed that a lot of keyservers I
> added over the time appear to have vanished.  If you sync only or mostly
> against the keyservers below you should probably try to find a few more
> additional peers.
> 
> The following keyservers from my membership file appear to be no longer
> functional (I did not check any servers not in my membership file!):
> 
> - keyserver.afoyi.com (unknown host)

I sent a message to the sks list when I shut this down. It has been
replaced by keyserver.oeg.com.au

Regards
Darryl
Permalink | Reply | 0 comments |

Gmane