Re: [Sks-devel] pool.sks-keyservers.net in seahorse


From: John Clizbe
Subject: Re: [Sks-devel] pool.sks-keyservers.net in seahorse
Date: Tue, 05 Apr 2011 16:37:45 -0500
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19pre) Gecko/20110401 Mnenhy/0.8.3 SeaMonkey/2.0.14pre

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Kim Minh Kaplan wrote:
> Jonathon Weiss writes:
> 
>> John Clizbe writes:
>>
>>> BTW, check your SKS DB port, it looks to be set to 17311, i.e.,
>>> -rw-r--r-- 1 sks  sks  95304 Apr  1 23:35 diff-18.9.60.141_17311.txt
>>
>> It is, though that port is firewalled.  Apache is listening on 11371 and
>> forwarding requests to 17311.  This was needed to deal with clients that
>> were either mis-behaving, or behind a bad network.
> 
> Beware: the SKS recon process sends the port of the SKS db server to
> your peers. It means that John's recon process will try to retrieve the
> missing keys on your port 17311 which is apparently not what you expect.
> The result is that while your server successfully retrieves keys from the
> rest of the SKS network, the keys that have been uploaded to your server
> never make it out to the rest of the world.

yep, recon.log shows:

2011-04-05 15:26:04 Requesting 250 missing keys from <ADDR_INET [18.9.60.141]:17311>, starting with 599D92EE18465DA7D2DFDAB07AD0CF53
2011-04-05 15:29:04 get_missing_keys terminated by timeout
2011-04-05 15:29:04 Requesting 250 missing keys from <ADDR_INET [18.9.60.141]:17311>, starting with 6FA843B5735D412217D4D7E90F98DD7D
2011-04-05 15:32:04 get_missing_keys terminated by timeout
2011-04-05 15:32:04 Requesting 250 missing keys from <ADDR_INET [18.9.60.141]:17311>, starting with 867433D3D5914B2BCFB3928588702DC5
2011-04-05 15:35:04 get_missing_keys terminated by timeout

> To have your peers use port 11371 you will probably (not tried) have to
> use separate directories for the db and recon processes so that you
> can configure each of them with different hkp_port.

I started with an empty keyring and ran:

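# Fetch every key hash listed in the diff file from pgp.mit.edu
for hash in $(cat diff-18.9.60.141_17311.txt)
do
   echo "$hash"
   # URL is quoted so the shell does not treat & as a control operator
   gpg --fetch-key "http://pgp.mit.edu:11371/pks/lookup?search=${hash}&fingerprint=on&op=hget"
done
# Merge the fetched keys into the local SKS database
sks merge .gnupg/pubring.gpg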

I'll see if it did any good the next time the two servers sync.

- -John
- -- 
John P. Clizbe                      Inet: John (a) GingerBear DAWT net
FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net  or
     mailto:address@hidden

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12-svn5502-2010-12-23 (Windows XP)
Comment: When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
Comment: Be part of the £€37 ECHELON -- Use Strong Encryption.
Comment: It's YOUR right - for the time being.
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
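
An added example, not part of the original message or of SKS itself: the recon.log check described above, written in Python. It pairs each "Requesting N missing keys" entry with a following "get_missing_keys terminated by timeout" and lists the peers for which every fetch timed out, which is how a peer advertising a firewalled port appears from the other side. The function names, the min_requests threshold and the 192.0.2.10 log entry are assumptions made for the example.

```python
import re
from collections import defaultdict

HKP_PORT = 11371  # port the server in the thread exposes to the outside

# The two recon.log events quoted in the message. \s+ between tokens lets the
# pattern match entries that a mail client has hard-wrapped.
EVENT = re.compile(
    r"Requesting\s+\d+\s+missing\s+keys\s+from\s+<ADDR_INET\s+"
    r"\[(?P<ip>[0-9A-Fa-f.:]+)\]:(?P<port>\d+)>"
    r"|(?P<timeout>get_missing_keys\s+terminated\s+by\s+timeout)")

def summarize(log_text):
    """Return {(ip, port): {"requests": n, "timeouts": n}} per peer."""
    stats = defaultdict(lambda: {"requests": 0, "timeouts": 0})
    pending = None  # peer of the latest request that has no outcome yet
    for m in EVENT.finditer(log_text):
        if m.group("timeout"):
            if pending is not None:
                stats[pending]["timeouts"] += 1
                pending = None
        else:
            pending = (m.group("ip"), int(m.group("port")))
            stats[pending]["requests"] += 1
    return dict(stats)

def unreachable_peers(log_text, min_requests=3):
    """Peers whose every key fetch timed out, given at least min_requests tries."""
    return sorted(peer for peer, s in summarize(log_text).items()
                  if s["requests"] >= min_requests and s["timeouts"] == s["requests"])

# 18.9.60.141 entries: as quoted in the message. 192.0.2.10 entry: constructed.
SAMPLE = """\
2011-04-05 15:26:04 Requesting 250 missing keys from <ADDR_INET
[18.9.60.141]:17311>, starting with 599D92EE18465DA7D2DFDAB07AD0CF53
2011-04-05 15:29:04 get_missing_keys terminated by timeout
2011-04-05 15:29:04 Requesting 250 missing keys from <ADDR_INET
[18.9.60.141]:17311>, starting with 6FA843B5735D412217D4D7E90F98DD7D
2011-04-05 15:32:04 get_missing_keys terminated by timeout
2011-04-05 15:32:04 Requesting 250 missing keys from <ADDR_INET
[18.9.60.141]:17311>, starting with 867433D3D5914B2BCFB3928588702DC5
2011-04-05 15:35:04 get_missing_keys terminated by timeout
2011-04-05 15:40:00 Requesting 12 missing keys from <ADDR_INET [192.0.2.10]:11371>, starting with 00000000000000000000000000000000
"""

if __name__ == "__main__":
    for ip, port in unreachable_peers(SAMPLE):
        note = "" if port == HKP_PORT else " (not the HKP port %d)" % HKP_PORT
        print("every fetch timed out: %s:%d%s" % (ip, port, note))
```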


