Kiss Gabor (Bitman | 24 May 06:33 2016
Picon

Oh, Jeeez...!

Guys,

Have you remembered I'm continuosly worrying about
trolls pumping 10-20 millions of dummy keys into key servers?
It is started...

http://keys.niif.hu/pks/lookup?op=vindex&search=0x0B7F8B60E3EDFAE3
(Scroll over the whole page.)

So we must hard think how to delete keys/signatures.

Gabor

Valentin Sundermann | 17 May 22:14 2016
Picon

Seeking peers for keyserver.vsund.de

Hi,

I am looking for peers for a new SKS keyserver installation.

I installed SKS version 1.1.5+ which is reachable at [1] or [2] or [3].
The server behind uses full disk encryption (in case somebody consider
it as important).
This SKS instance is reachable via IPv6.

The server is physically located in online.net's DC2 (near Paris, EU).
(The MaxMind database displays it as in GB.)

I imported the keydump from [4], dated 2016-05-17.
I see 4279029 keys loaded.

And a question onto pools: My keyserver is not reachable via IP:80 and
IP:443 but has the following server names in nginx (plus my own):
 - *.sks-keyservers.net
 - *.pool.sks-keyservers.net
 - keys.gnupg.net
 - pgp.ipfire.org
Are they any problem with this? (And are there any pools which could add
me without notice?)

keyserver.vsund.de 11370 # Valentin Sundermann <me@...>
0xA1AADE57842A21A3 - onename.com/vsund

Thank you,
Valentin

(Continue reading)

Christian Felsing | 15 May 10:41 2016
Picon

Change Notice b.key.ip6.li.

Hello,

please notice, that b.key.ip6.li got new IP addresses, because it moved 
to a new server.

In case you have peering with b.key.ip6.li please check connectivity to 
recon (11370) and db (11371) processes. if your membership file contains 
host name b.key.ip6.li DNS will do dirty work for you. if you are using 
IP addresses, please consider to use host name or change IP addresses. 
Domain ip6.li supports DNSSEC.

old:

5.135.164.119
2001:41d0:8:e777::1

new:

149.56.171.19
2607:5300:60:490f:1::19

best regards
Christian

Attachment (smime.p7s): application/pkcs7-signature, 5985 bytes
Hello,

please notice, that b.key.ip6.li got new IP addresses, because it moved 
(Continue reading)

Chris Morrow | 5 May 17:39 2016
Picon

seeking peers for sks.rarc.net


Howdy,
I am looking for peers for a new SKS keyserver installation.

I am running SKS version 1.1.3, on sks.rarc.net.  I support a local
hosting company (AS54054) and some security related functions as well:
  nsp security
  operations security trust - https://openid.ops-trust.net/about

both of which are users of the gpgs, so having a 'local' resource for
key management/search/import/export is helpful and removes some load
from public server sets.

The server is physically located in Asburn, VA (US).  The machine has
IPv4 and IPv6(native) connectivity.

I have loaded a keydump from http://keyserver.borgnet.us/dump/, dated 2016-05-02.
I see 4,265,056 keys loaded.

For operational issues, please contact me directly.

sks.rarc.net 11370 # Chris Morrow <morrowc@...> 0xA579BB14

Thank you,
-chris morrow
Chris Morrow | 5 May 17:40 2016
Picon

seeking peers for sks.rarc.net


Howdy,
I am looking for peers for a new SKS keyserver installation.

I am running SKS version 1.1.3, on sks.rarc.net.  I support a local
hosting company (AS54054) and some security related functions as well:
  nsp security
  operations security trust - https://openid.ops-trust.net/about

both of which are users of the gpgs, so having a 'local' resource for
key management/search/import/export is helpful and removes some load
from public server sets.

The server is physically located in Asburn, VA (US).  The machine has
IPv4 and IPv6(native) connectivity.

I have loaded a keydump from http://keyserver.borgnet.us/dump/, dated 2016-05-02.
I see 4,265,056 keys loaded.

For operational issues, please contact me directly.

sks.rarc.net 11370 # Chris Morrow <morrowc@...> 0xA843B36B

Thank you,
-chris morrow

André Keller | 1 May 01:42 2016

IPv6 status monitoring broken?

Hi all,

seems IPv6 status monitoring is currently broken. Only five servers list
IPv6 as working on https://sks-keyservers.net/status/. I've tested some
others (f.e. key.ip6.li, keys.communityrack.org) manually and they seem
to work fine over IPv6.

Anybody has a clue whats wrong?

Regards

André

_______________________________________________
Sks-devel mailing list
Sks-devel <at> nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel
Kiss Gabor (Bitman | 28 Apr 16:22 2016
Picon

keys.gnupg.net anomaly

I found requests for https://keys.gnupg.net/ in my Apache logs
on keys.niif.hu. Of course they were unsuccessful because
my HTTP daemon is not set up to provide this virtual site.

In the DNS we can see this:
keys.gnupg.net          CNAME   pool.sks-keyservers.net

Phil Pennock writes on http://sks.spodhuis.org/:
| End-users should use a pool definition, such as keys.gnupg.net which will
| alias into an operational pool.

So this seems to be a well known situation but I don't believe
it would be a wise thing.
Google is full of complaints about "unreachable" or "non functional"
keys.gnupg.net. The reason is above.

What do you think, folks?

Gabor

Kiss Gabor (Bitman | 27 Apr 13:46 2016
Picon

I provide keydump again

Dear folks,

I can offer weekly keydump again at http://keys.niif.hu/keydump/.
It will be generated every Monday.

Regards

Gabor
--

-- 
The Meaning of Life of Brian

Kiss Gabor (Bitman | 27 Apr 11:09 2016
Picon

Empty dump

Dear Carles,

Have you noticed, that https://pgp.key-server.io/sks-dump/
provides no data to download?

Regards

Gabor

Pete Stephenson | 26 Apr 23:12 2016

Running SKS keyserver on dynamic DNS

Hi all,

I already run one SKS keyserver, and am thinking of running a second.
The caveat is that the public IP address of the second system
periodically changes. When it does, the DNS name pointing to that
system is updated automatically (typically within a few seconds).

How happily could SKS exist in such an environment?

I have two particular concerns:

1. The instructions at
<https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Peering> state
that "You should explicitly set all public addresses used...". How can
I effectively do this if the public address changes on occasion? How
would things work if I instead listed the internal IPv4 address of the
server (it's located behind a NAT router) and the public IPv6 address
for the server in the sksconf file?

2. How often would peers query DNS for updates to one's IP address? I
don't mind brief loss-of-sync events when the IP address changes, but
it'd be ideal if peers could adapt to updated IP addresses quickly.

Cheers!
-Pete

--

-- 
Pete Stephenson

(Continue reading)

Nick Bebout | 15 Apr 17:27 2016

keys.fedoraproject.org

Anyone that wants to peer with keys.fedoraproject.org, please add us to your membership file and send me the line to put in our membership file.

keys.fedoraproject.org 11370 # sysadmin-keys-members <at> fedoraproject.org (Nick Bebout)
<div><div dir="ltr">Anyone that wants to peer with <a href="http://keys.fedoraproject.org">keys.fedoraproject.org</a>, please add us to your membership file and send me the line to put in our membership file.<br><br><a href="http://keys.fedoraproject.org">keys.fedoraproject.org</a> 11370 # <a href="mailto:sysadmin-keys-members@...">sysadmin-keys-members <at> fedoraproject.org</a> (Nick Bebout)</div></div>

Gmane