The pool is shrinking
Locked
12345
12345
The pool is shrinking
 
|
Re: The pool is shrinking
|
|
On 6/21/19 6:53 AM, Kiss Gabor (Bitman) wrote:
> Dear Kristian, Hi Gabor, > > At this moment there is only 27 members of pool.sks-keyservers.net. > And no more than 3 HKPS server are enlisted. > It is a real possibility that this number drops below 1. > Below 2 is actually the minimum for it to operate due to some gnupg internals. But it is relatively stable on 3-4. > Don't you want to revise your strict policy about issuing certificates? No, issuing certificates to servers not being able to keep up doesn't improve the experience from anyone (the number of complaints I get from users has dropped significantly). And its not really a strict requirement, one can set up VMs / chroots for it on a relatively small server. -- ---------------------------- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk ---------------------------- Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 ---------------------------- Corruptissima re publica plurimæ leges The greater the degeneration of the republic, the more of its laws _______________________________________________ Sks-devel mailing list [hidden email] https://lists.nongnu.org/mailman/listinfo/sks-devel |
signature.asc (499 bytes)
Re: The pool is shrinking
|
|
Re: The pool is shrinking
|
|
On 6/21/19 2:43 PM, Daniel Roesler wrote:
> I'd love to keep my server in the pool consistently, but until > Issue #61 is resolved[1], my server will spike to 100% CPU for > several minutes and become unresponsive as it tries to deal with > the huge troll keys. Sure, but this isn't an issue if you have multi-node cluster as the other servers will never recon at the same time, hence the requirement for hkps. > Running a server in the pool is no longer > a hobby project, and you have to constantly be restarting or > reconfiguring your server to keep it running. Not that much, but you need at least 8 GiB of RAM allocated for each node and sufficient swap or recon will often get OOM-killed. -- ---------------------------- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk ---------------------------- Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 ---------------------------- Corruptissima re publica plurimæ leges The greater the degeneration of the republic, the more of its laws _______________________________________________ Sks-devel mailing list [hidden email] https://lists.nongnu.org/mailman/listinfo/sks-devel |
Re: The pool is shrinking
|
|
--- Hendrik Visage HeViS.Co Systems Pty Ltd
T/A Envisage Systems / Envisage Cloud Solutions +27-84-612-5345 or +27-21-945-1192 [hidden email] _______________________________________________ Sks-devel mailing list [hidden email] https://lists.nongnu.org/mailman/listinfo/sks-devel |
Re: The pool is shrinking
|
|
In reply to this post by Daniel Roesler
As a newcomer to the pool, I have to agree.
There are several impediments to becoming a keyserver that just shouldn't be and the need for daily poking at it is just one of those things. There were several times where I was just ready to give up on it. On Fri, 2019-06-21 at 07:43 -0500, Daniel Roesler wrote: > I'd love to keep my server in the pool consistently, but until > Issue #61 is resolved[1], my server will spike to 100% CPU for > several minutes and become unresponsive as it tries to deal with > the huge troll keys. Running a server in the pool is no longer > a hobby project, and you have to constantly be restarting or > reconfiguring your server to keep it running. > > Overall, I think the main reason why the pool has shrunk so much > is because of this issue. > -- Dr Everett (Skip) Carter [hidden email] Taygeta Scientific Inc 607 Charles Ave Seaside CA 93955 831-641-0645 x103 _______________________________________________ Sks-devel mailing list [hidden email] https://lists.nongnu.org/mailman/listinfo/sks-devel |
Re: The pool is shrinking
|
|
> On Jun 21, 2019, at 8:00 AM, Skip Carter <[hidden email]> wrote:
> > Signed PGP part > As a newcomer to the pool, I have to agree. > There are several impediments to becoming a keyserver that just > shouldn't be and the need for daily poking at it is just one of those > things. There were several times where I was just ready to give up on > it. FWIW - in my experience, once you get things setup & dialed-in there is no need for daily poking at it. My load balanced pools have been running for months with only the occasional intervention required by me. > On Jun 21, 2019, at 6:21 AM, Hendrik Visage <[hidden email]> wrote: > > The word “cluster” there is the “problem” for hobby setups: we now have to source at least 2x 8GB RAM VMs, where the previous single 2-4GB VMs were sufficient to keep going I can understand the frustration, but things change and in the current state of the SKS network more resources are required. I’d also say the idea of this being a “hobby” is in direct opposition to this being a public, production service that people rely on which IMO would always dictate at least 3 nodes for redundancy. > On Jun 21, 2019, at 12:33 AM, Kristian Fiskerstrand <[hidden email]> wrote: > > No, issuing certificates to servers not being able to keep up doesn't > improve the experience from anyone (the number of complaints I get from > users has dropped significantly). And its not really a strict > requirement, one can set up VMs / chroots for it on a relatively small > server. This could mean that people are having less issues with the HKPS pool, but it’s also possible there are other reasons for a decrease in complaints. Personally, I switched my systems (and the systems of users I support) away from using the HKPS pool in favor of using my server(s) due to the ongoing complaints about intermittent availability & performance issues in the HKPS pool. That’s not meant as a dig on your approach, just letting you know my experience. On the contrary, I found you to be quite responsive last September when I reported a major issue with 2/3 of the servers in the HKPS pool generating 502 errors. -T _______________________________________________ Sks-devel mailing list [hidden email] https://lists.nongnu.org/mailman/listinfo/sks-devel |
Re: The pool is shrinking
|
|
Most of the keyservers support HKPS if you point to them directly...
hkps://keyserver.mattrude.com hkps://zuul.rediris.es hkps://pgpkeys.urown.net hkps://pgp.philihp.com I, for one, have also been doing what you did Todd, and switched my systems over to my own keyserver, because: (A) I know for a fact I am not logging key requests, but there is no way for one to know this unless they operate their own keyserver. (B) I choose trust standard root CAs, which are known to be well-audited, and can get a free cert through LetsEncrypt (C) Even if I could get a cert with Kristian's self-signed CA, I have no assurance that it hasn't been compromised. That said, I will honestly soon switch over to hkps://keys.openpgp.org because I believe people should have a right to request their identity be removed from the network. On 2019-06-21T12:22:57Z, Todd Fleisher wrote: >> On Jun 21, 2019, at 8:00 AM, Skip Carter <[hidden email]> wrote: >> >> Signed PGP part >> As a newcomer to the pool, I have to agree. >> There are several impediments to becoming a keyserver that just >> shouldn't be and the need for daily poking at it is just one of those >> things. There were several times where I was just ready to give up on >> it. > >FWIW - in my experience, once you get things setup & dialed-in there is no need for daily poking at it. My load balanced pools have been running for months with only the occasional intervention required by me. > >> On Jun 21, 2019, at 6:21 AM, Hendrik Visage <[hidden email]> wrote: >> >> The word “cluster” there is the “problem” for hobby setups: we now have to source at least 2x 8GB RAM VMs, where the previous single 2-4GB VMs were sufficient to keep going > >I can understand the frustration, but things change and in the current state of the SKS network more resources are required. I’d also say the idea of this being a “hobby” is in direct opposition to this being a public, production service that people rely on which IMO would always dictate at least 3 nodes for redundancy. > >> On Jun 21, 2019, at 12:33 AM, Kristian Fiskerstrand <[hidden email]> wrote: >> >> No, issuing certificates to servers not being able to keep up doesn't >> improve the experience from anyone (the number of complaints I get from >> users has dropped significantly). And its not really a strict >> requirement, one can set up VMs / chroots for it on a relatively small >> server. > >This could mean that people are having less issues with the HKPS pool, but it’s also possible there are other reasons for a decrease in complaints. Personally, I switched my systems (and the systems of users I support) away from using the HKPS pool in favor of using my server(s) due to the ongoing complaints about intermittent availability & performance issues in the HKPS pool. That’s not meant as a dig on your approach, just letting you know my experience. On the contrary, I found you to be quite responsive last September when I reported a major issue with 2/3 of the servers in the HKPS pool generating 502 errors. > >-T > >_______________________________________________ >Sks-devel mailing list >[hidden email] >https://lists.nongnu.org/mailman/listinfo/sks-devel _______________________________________________ Sks-devel mailing list [hidden email] https://lists.nongnu.org/mailman/listinfo/sks-devel |
Re: The pool is shrinking
|
|
In reply to this post by Todd Fleisher
On Fri, 2019-06-21 at 12:22 -0700, Todd Fleisher wrote:
> FWIW - in my experience, once you get things setup & dialed-in there > is no need for daily poking at it. My load balanced pools have been > running for months with only the occasional intervention required by > me. What do you do for log management ? -- Dr Everett (Skip) Carter [hidden email] Taygeta Scientific Inc 607 Charles Ave Seaside CA 93955 831-641-0645 x103 _______________________________________________ Sks-devel mailing list [hidden email] https://lists.nongnu.org/mailman/listinfo/sks-devel |
Re: The pool is shrinking
|
|
SKS logs to syslog, so it gets picked up by log rotate automatically. As for the DB itself, make sure you put the sample DB_CONFIG file in place in your KDB/DB and PTree directories before you started the SKS DB process to handle the DB log files. _______________________________________________ Sks-devel mailing list [hidden email] https://lists.nongnu.org/mailman/listinfo/sks-devel |
Re: The pool is shrinking
|
|
Re: The pool is shrinking
|
|
Re: The pool is shrinking
|
|
Re: The pool is shrinking
|
|
Re: The pool is shrinking
|
|
Re: The pool is shrinking
|
|
Re: The pool is shrinking
|
|
Re: The pool is shrinking
|
|
Re: The pool is shrinking
|
|
You're also assuming all admins are subject to GDPR.
Travis On 8/13/2019 8:56 AM, [hidden email] wrote: > Also would like to point out that this is Kristian covering his own ass not the admins! > > Please read it again! > > Yakamo > > > On Tue, 13 Aug 2019 15:46:39 +0200 > Tobias Frei <[hidden email]> wrote: > >> Hi Yakamo, >> >> Have you already seen these two messages? >> >> https://lists.nongnu.org/archive/html/sks-devel/2019-02/msg00070.html >> >> https://lists.nongnu.org/archive/html/sks-devel/2019-03/msg00026.html >> >> Best regards >> Tobias Frei >> >> Am 13.08.19 um 15:41 schrieb [hidden email]: >>> Hi Boti, >>> >>> SKS servers are breaking the GDPR in multiple ways, its just a matter of time before something happens. >>> >>> All it would take is one motivated person and things get serious real quick. >>> >>> Especially i would say right now for the admin of mattrude or any others allowing the free distribution to any third party of the keys via dumps, without user consent which doesnt work with the GDPR at all, this is sure to turn to a nightmare real fast for those admins. >>> >>> Yakamo >>> >>> >>> On Tue, 13 Aug 2019 09:02:20 +0200 >>> [hidden email] wrote: >>> >>>> In many country of EU there were a period of patience to let firms fully covers their GDPR implementation. >>>> >>>> However we have GDPR in effect last two years but authorities still had a so called "soft" penalty or no penalty just warn practice which is nearly over. >>>> >>>> In mid and longer term the penalty fees will be harmonized. Today every country has its own penalty fees and penalty practice. >>>> >>>> There is no more exceptions anymore such as it is technically impossible to delete data, etc. >>>> >>>> So will the blockchain illegal among with sks in EU if stored data has PI records? >>>> >>>> Cheers, >>>> Boti >> _______________________________________________ >> Sks-devel mailing list >> [hidden email] >> https://lists.nongnu.org/mailman/listinfo/sks-devel > _______________________________________________ Sks-devel mailing list [hidden email] https://lists.nongnu.org/mailman/listinfo/sks-devel |
Re: The pool is shrinking
|
|
| Free forum by Nabble | Edit this page |