New wiki page: Peering

New wiki page: Peering

Phil Pennock-17
I just wrote this:

  http://code.google.com/p/sks-keyserver/wiki/Peering

Constructive feedback welcome.

Yes, it has some bias in what it suggests you do.  It suggests what I
think is right.  Arguments about how I'm wrong are constructive.

I'm not sure that membership_reload_interval is necessary any more,
after Kim's improvements in this area.  I put it in anyway, to be safe,
but would be happy to remove it again; Kim?

*cough*  Comments about how long it took me to write anything at all,
after getting editor privilege, while wholly justified are not
constructive.  ;-)  Unless your name is Yaron.

I decided that the act of getting and installing the keydump was enough
of an issue in itself to not be part of peering.  There are good docs
out there on how to do this; I linked to:
  http://www.keysigning.org/sks/
for instructions.  In general though, I think that the wiki should aim
to be self-sufficient.  Why?  Because when I was setting up SKS it was a
pain to pick through all the dead sites, out-of-date sites and
assumptions that well-known-site X would be up with the canonical
information.  If someone is reading the wiki, then the wiki is up and
reachable, so we should make it self-contained, but link freely to the
external docs from the relevant articles.

Thoughts?

-Phil

_______________________________________________
Sks-devel mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/sks-devel

Re: New wiki page: Peering

Kim Minh Kaplan
Phil Pennock:

> I just wrote this:
>
>   http://code.google.com/p/sks-keyserver/wiki/Peering

Nice work.  Here are some hopefully constructive comments.

    You are assumed to have installed SKS

You could make explicit that you mean something like "make && make install"
or "aptitude install sks" as peering itself might be considered part of
the installation process.

    SKS basedir

Unlike many daemons SKS makes use of its current working directory as
its basedir.  It should be mentioned.

    Double-check DNS

Sample DNS records could help; and use non-routable addresses¹ in your
examples.  Something like:

    myhost.example.com.    IN A     192.68.2.42
    myhost.example.com.    IN AAAA  FDA6:58A1:7B2E:AAF9::1:42
    keyserver.example.com. IN CNAME myhost.example.com.

> I'm not sure that membership_reload_interval is necessary any more,
> after Kim's improvements in this area.  I put it in anyway, to be safe,
> but would be happy to remove it again; Kim?

I am quite confident that this setting is not used anymore (and that the
code could do with a little cleanup regarding this).  So yes remove it.

    The server is in The Netherlands.

Use a nonexistent country in the sample. The Neverland is nice.

    Add the line to your config

Explicit mention of "membership file" would be better than config.

Also a couple of words mentioning that SKS logs to db.log, recon.log
and generally *.log will help the new user.

The "-disable_mailsync" option should be explained as it is a loose end
in SKS.  Given the state of the PKS network it is perfectly acceptable
to use it.  At any rate if the mailsync file is empty it can be used to
keep the db process from spitting false alarms in the logs.  Mmm,
looking back at it these alarms are not completely false: it seems there
is a leak in the tqueue DB when you have no mailsync, I'll have to file
an issue about that.

Kim Minh.

P.S.: browsing http://code.google.com/p/sks-keyserver/source/browse/ 
does *not* show all source files, it stops at reconserver.ml.  Am I the
only one seeing this?

¹ RFC 1918 Address Allocation for Private Internets
    http://www.ietf.org/rfc/rfc1918.txt
  RFC 4193 Unique Local IPv6 Unicast Addresses
    http://www.ietf.org/rfc/rfc4193.txt


Re: New wiki page: Peering

Daniel Kahn Gillmor-7
On 11/28/2009 04:48 AM, Kim Minh Kaplan wrote:
> Phil Pennock:
>
>> I just wrote this:
>>
>>   http://code.google.com/p/sks-keyserver/wiki/Peering

Thanks, Phil!

> Sample DNS records could help; and use non-routable addresses¹ in your
> examples.  Something like:
>
>    myhost.example.com.    IN A     192.68.2.42
>    myhost.example.com.    IN AAAA  FDA6:58A1:7B2E:AAF9::1:42
>    keyserver.example.com. IN CNAME myhost.example.com.

Actually, for example IP addresses, please use documentation-specific
values for IP addresses (in the so-called TEST-NET range):

For IPv6, use addresses in the range: 2001:db8::/32

  http://tools.ietf.org/html/rfc5156#section-2.6
  http://tools.ietf.org/html/rfc3849

For IPv4, use addresses in the range: 192.0.2.0/24

  http://tools.ietf.org/html/rfc3330#page-3

Please do *not* use RFC1918 private address space, because it might
actually be in use by people reading the examples.

Thanks,

        --dkg
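
The following is an added example, not part of the original message or of SKS: a small lint that scans documentation text and reports any IP address outside the two documentation ranges named above. The function names and the sample text are assumptions made for illustration; the first two sample records reuse addresses from the thread and the rest are constructed.

```python
import ipaddress
import re

# Documentation-only ranges named in the message above.
DOC_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8::/32")]
# RFC 1918 and RFC 4193 space: may be live on a reader's own network.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def classify(addr):
    """Return 'documentation', 'private' or 'routable' for one address."""
    if any(addr in net for net in DOC_NETS):
        return "documentation"
    if any(addr in net for net in PRIVATE_NETS):
        return "private"
    return "routable"

def lint_addresses(text):
    """Return (line_no, address, kind) for every address that is not
    inside a documentation range."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for token in re.split(r"[\s,;()\[\]<>\"']+", line):
            # Drop a trailing sentence dot and any /prefix length.
            candidate = token.rstrip(".").split("/")[0]
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # not an IP literal (hostnames, keywords, ...)
            kind = classify(addr)
            if kind != "documentation":
                findings.append((line_no, str(addr), kind))
    return findings

# Sample zone text: lines 1-2 use addresses from the thread, 3-5 are constructed.
SAMPLE = """\
myhost.example.com.    IN A    192.68.2.42
myhost.example.com.    IN AAAA FDA6:58A1:7B2E:AAF9::1:42
peer.example.com.      IN A    192.168.2.42
good.example.com.      IN A    192.0.2.42
good.example.com.      IN AAAA 2001:db8::1:42
"""

if __name__ == "__main__":
    for line_no, addr, kind in lint_addresses(SAMPLE):
        print(f"line {line_no}: {addr} is {kind}, not a documentation address")
```
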


Re: New wiki page: Peering

Kim Minh Kaplan
Daniel Kahn Gillmor writes:

> On 11/28/2009 04:48 AM, Kim Minh Kaplan wrote:
>
>>    myhost.example.com.    IN A    192.68.2.42
>>    myhost.example.com.    IN AAAA FDA6:58A1:7B2E:AAF9::1:42
>
> Actually, for example IP addresses, please use documentation-specific
> values for IP addresses (in the so-called TEST-NET range):
>
> For IPv6, use addresses in the range: 2001:db8::/32
>
>   http://tools.ietf.org/html/rfc5156#section-2.6
>   http://tools.ietf.org/html/rfc3849
>
> For IPv4, use addresses in the range: 192.0.2.0/24
>
>   http://tools.ietf.org/html/rfc3330#page-3

I did not know about these reserved address ranges, thank you for the
information and references.

Kim Minh.


Re: New wiki page: Peering

Phil Pennock-17
On 2009-11-28 at 10:54 -0500, Daniel Kahn Gillmor wrote:

> Actually, for example IP addresses, please use documentation-specific
> values for IP addresses (in the so-called TEST-NET range):
>
> For IPv6, use addresses in the range: 2001:db8::/32
>
>   http://tools.ietf.org/html/rfc5156#section-2.6
>   http://tools.ietf.org/html/rfc3849
>
> For IPv4, use addresses in the range: 192.0.2.0/24
>
>   http://tools.ietf.org/html/rfc3330#page-3

These are in fact what I did use.

Thanks,
-Phil

Re: New wiki page: Peering

Phil Pennock-17
On 2009-11-28 at 09:48 +0000, Kim Minh Kaplan wrote:
> You could make explicit that you mean something like "make && make install"
> or "aptitude install sks" as peering itself might be considered part of
> the installation process.

I opted for "You are assumed to have installed the SKS program and to
[...]".

>     SKS basedir
>
> Unlike many daemons SKS makes use of its current working directory as
> its basedir.  It should be mentioned.

Done.

> Phil Pennock:
> > I'm not sure that membership_reload_interval is necessary any more,
> > after Kim's improvements in this area.  I put it in anyway, to be safe,
> > but would be happy to remove it again; Kim?
>
> I am quite confident that this setting is not used anymore (and that the
> code could do with a little cleanup regarding this).  So yes remove it.

Done.

>     The server is in The Netherlands.
>
> Use a nonexistent country in the sample. The Neverland is nice.

I'm based in the USA and wary of trademarks; I strongly suspect that the
estate of a recently deceased pop star has a trademark on that.  I went
for "Foobarlandy (EU)".

>     Add the line to your config
>
> Explicit mention of "membership file" would be better than config.

Done.

> Also a couple of words mentioning that SKS logs to db.log, recon.log
> and generally *.log will help the new user.

Done.

> The "-disable_mailsync" option should be explained as it is a loose end
> in SKS.

Done.

> in SKS.  Given the state of the PKS network it is perfectly acceptable
> to use it.  At any rate if the mailsync file is empty it can be used to
> keep the db process from spitting false alarms in the logs.  Mmm,
> looking back at it these alarms are not completely false: it seems there
> is a leak in the tqueue DB when you have no mailsync, I'll have to file
> an issue about that.

Looking forward to the patch.  :)

> Kim Minh.
>
> P.S.: browsing http://code.google.com/p/sks-keyserver/source/browse/ 
> does *not* show all source files, it stops at reconserver.ml.  Am I the
> only one seeing this?

"Files 1 - 100 of 126"

It's not as clear as it could be.

-Phil
