[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] pool.sks-keyservers.net in seahorse
From: |
John Clizbe |
Subject: |
Re: [Sks-devel] pool.sks-keyservers.net in seahorse |
Date: |
Tue, 05 Apr 2011 16:37:45 -0500 |
User-agent: |
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19pre) Gecko/20110401 Mnenhy/0.8.3 SeaMonkey/2.0.14pre |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Kim Minh Kaplan wrote:
> Jonathon Weiss writes:
>
>> John Clizbe writes:
>>
>>> BTW, check your SKS DB port, it looks to be set to 17311, i.e.,
>>> -rw-r--r-- 1 sks sks 95304 Apr 1 23:35 diff-18.9.60.141_17311.txt
>>
>> It is, though that port is firewalled. Apache is listening on 11371 and
>> forwarding requests to 17311. This was needed to deal with clients that
>> were either mis-behaving, or behind a bad network.
>
> Beware: the SKS recon process sends the port of the SKS db server to
> your peers. It means that John's recon process will try to retrieve the
> missing keys on your port 17311 which is apparently not what you expect.
> The result is that while your server succesfully retrieves keys from the
> rest of the SKS network, the keys that have been uploaded to your server
> never make it out to the rest of the world.
yep, recon.log shows:
2011-04-05 15:26:04 Requesting 250 missing keys from <ADDR_INET
[18.9.60.141]:17311>, starting with 599D92EE18465DA7D2DFDAB07AD0CF53
2011-04-05 15:29:04 get_missing_keys terminated by timeout
2011-04-05 15:29:04 Requesting 250 missing keys from <ADDR_INET
[18.9.60.141]:17311>, starting with 6FA843B5735D412217D4D7E90F98DD7D
2011-04-05 15:32:04 get_missing_keys terminated by timeout
2011-04-05 15:32:04 Requesting 250 missing keys from <ADDR_INET
[18.9.60.141]:17311>, starting with 867433D3D5914B2BCFB3928588702DC5
2011-04-05 15:35:04 get_missing_keys terminated by timeout
> To have your peers use port 11371 you will probably (not tried) have to
> use a separate directories for the db and recon processes so that you
> can configure each of them with different hkp_port.
I started with an empty keyring and ran:
for hash in $(cat diff-18.9.60.141_17311.txt)
do
echo $hash
gpg --fetch-key http://pgp.mit.edu:11371/pks/lookup?search=${hash}
\&fingerprint=on\&op=hget
done
sks merge .gnupg/pubring.gpg
I'll see if it did any good the next time the two servers sync
- -John
- --
John P. Clizbe Inet: John (a) GingerBear DAWT net
FSF Assoc #995 / FSFE Fellow #1797 hkp://keyserver.gingerbear.net or
mailto:address@hidden
Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12-svn5502-2010-12-23 (Windows XP)
Comment: When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
Comment: Be part of the £37 ECHELON -- Use Strong Encryption.
Comment: It's YOUR right - for the time being.
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBCAAGBQJNm4ujAAoJECMTMVxDW9A0xRYH/0TaU3LEG2Fvhb8rBwFHKxno
jYsSEWGPv1QJzEHnbemHElb8H5MLDmo0DBgrMTTO/yZ9ZB/LBOCbaHeCaEPjWV9g
OeOFgUWgfEm6/biAC7oHrVMGcxka2Y9M50BhX6sruGNnqcl0/zjhR49ja6UwX8JZ
WdFipbOrWzey7sGZP3U8JaICbnVB2wE2+u6jvzHe3J2VSBNkk2GG97O5a5FD7RWl
q5ND8zBlM/nU3YN1T7EDWblMVWanrtngHHOdQ9LVFEHg5fTLea/IQ2bbgSI2+2fq
fIpbSJ41EMA6Gghq/NiUznnWEvTIsmQXSA2/cg1BiWy8Lx1oeVmwoqdGCPiP1h+I
XgQBEQgABgUCTZuLowAKCRDrXhnz1laYJc0TAP4ujXbV6Q43pXqOXK+njuSpnJ7Z
mK8IZ1YPD7eTDEr5lwD/cHB6agGmOv9HQbr3ktoY8rl/1maTeultVQH/i9l6eCg=
=9JAS
-----END PGP SIGNATURE-----
- Re: [Sks-devel] pool.sks-keyservers.net in seahorse, Jonathon Weiss, 2011/04/01
- Re: [Sks-devel] pool.sks-keyservers.net in seahorse, John Clizbe, 2011/04/02
- Re: [Sks-devel] pool.sks-keyservers.net in seahorse, Jonathon Weiss, 2011/04/04
- Re: [Sks-devel] pool.sks-keyservers.net in seahorse, John Clizbe, 2011/04/04
- Re: [Sks-devel] pool.sks-keyservers.net in seahorse, Kim Minh Kaplan, 2011/04/05
- Re: [Sks-devel] pool.sks-keyservers.net in seahorse,
John Clizbe <=
- Re: [Sks-devel] pool.sks-keyservers.net in seahorse, John Marshall, 2011/04/06
- Re: [Sks-devel] pool.sks-keyservers.net in seahorse, Jonathon Weiss, 2011/04/06
- Re: [Sks-devel] peering with non-standard hkp_port [was: pool.sks-keyservers.net in seahorse], John Marshall, 2011/04/06