pool membership

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

pool membership

Brian Minton
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Now that I've cleaned out my membership file, and I'm gossiping with all my
peers, I seem to have caught up with the pool.  However, my key server,
keyserver.brian.minton.name, does not appear in the pool status page. Not even
in the "Servers currently not in the pool" section.  I thought it would
automatically show up.  Any thoughts?

thanks,
- --
Brian Minton
brian at minton dot name http://brian.minton.name
Live long, and prosper longer!
OpenPGP fingerprint = 8213 71DD 4665 CF4F AE20  2206 0424 DC19 B678 A1A9
-----BEGIN PGP SIGNATURE-----

iF4EARYIAAYFAlfywG8ACgkQN7lQes/yAW4JlwD/YRaLarjacAPEcAbuxn7bDGoz
M2q5I3h4VyVlDVb4Bs0BALBmSoAx8L1skSn3USBgLvJGnzUlVQ8LDRAUGxW+KmME
iF4EAREIAAYFAlfywHUACgkQa46zoGXPuqmSZQD/QN9gbf+KKDqEqAEz8vC4SM1S
54/LIOjjoGv4PnKjDnEA/2HAVyE+cnHYtYYNFGTa7bPJVo98C0XSciurDU+GWUy5
=DqPM
-----END PGP SIGNATURE-----

_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel
Reply | Threaded
Open this post in threaded view
|

Re: pool membership

Kristian Fiskerstrand-6
On 10/03/2016 10:33 PM, Brian Minton wrote:
> Now that I've cleaned out my membership file, and I'm gossiping with all my
> peers, I seem to have caught up with the pool.  However, my key server,
> keyserver.brian.minton.name, does not appear in the pool status page. Not even
> in the "Servers currently not in the pool" section.  I thought it would
> automatically show up.  Any thoughts?

Removed it from exclude list..

--
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"A committee is a group that keeps minutes and loses hours."
(Milton Berle)


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc (465 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: pool membership

Valentin Sundermann
In reply to this post by Brian Minton
> However, my key server,
> keyserver.brian.minton.name, does not appear in the pool status page. Not even
> in the "Servers currently not in the pool" section.  I thought it would
> automatically show up.  Any thoughts?
Your keyserver is on the exclusion list at Kristian's scanner[1]. I
think when somebody uploaded the cloned strong set to the keyserver
network[2], it was your server which got hit with it.
These issues should be over and so I guess Kristian will remove you from
this list when he reads it.

Best regards,
Valentin


[1]
https://git.sumptuouscapital.com/?p=sks-keyservers-pool.git;a=commit;h=09bdbef727a2694ae6df399736aaa4656cbeffee
[2] https://lists.nongnu.org/archive/html/sks-devel/2016-08/msg00019.html


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc (817 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: pool membership

Michael Jones
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 03/10/16 21:44, Valentin Sundermann wrote:

>> However, my key server,
>>> keyserver.brian.minton.name, does not appear in the pool status
>>> page. Not even in the "Servers currently not in the pool"
>>> section.  I thought it would automatically show up.  Any
>>> thoughts?
> Your keyserver is on the exclusion list at Kristian's scanner[1].
> I think when somebody uploaded the cloned strong set to the
> keyserver network[2], it was your server which got hit with it.
> These issues should be over and so I guess Kristian will remove you
> from this list when he reads it.
>
> Best regards, Valentin

Interesting,

Would it be of any value to introduce rate limiting on my set? maybe
limit an ip after 100 new keys in 30 mins?

(Lots of southern europe isp's nat through a single ip), so whatever
the trigger limit it would have to be a high one. Once the initial
trigger is hit it would be able to either slow down or disable
uploading of keys from that ip for said time period.

Even coming over tor or another distributed network to spam the
service would cause a headache?

Is there any value in looking into this?

Or perhaps this would be more appropriate as a possible future feature
of the sks keyserver source?

Whatever the solution would need to be easily implemented on all peers.

Just some thoughts...

Kind Regards,
Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJX8siVAAoJEOYwtpHNe8FmrQAH/iE0rsKLztModP7rnBd07C3e
PTppzo+WHRskyPrJ8AzAYeG9xvX4rQibYsjjX9+KHbZDx5D1p/q45icYivEnoxSy
Y3AaM5BfPI5Cw+MHwVgEhd13NvwQojRyjqp1XGOb4+Nu+dlf38ejuyLxK0/fDTkX
wgmbER7ItPVABZJPA7FgXH+sfJZyjl0U47BiaJ4pUMyUzXVUpHC7NkH3due84Ip8
QWmisJ15h2rKjSwQpLaB2QUlgwFcV3bywRcR4+K7MMC/sdmk2ugC4JFbxcq9qOjO
Qu8i/xRo4qRjok4EnbS5O188bUznccmTIwY6mNH70zOUHQv1BVm/eOjCvq8MDbY=
=ZV6l
-----END PGP SIGNATURE-----

_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel
Reply | Threaded
Open this post in threaded view
|

Re: pool membership

Kristian Fiskerstrand-6
On 10/03/2016 11:07 PM, Michael Jones wrote:
> Or perhaps this would be more appropriate as a possible future feature
> of the sks keyserver source?

The underlying issue was non-gossiping of the particular server, not
something related to SKS per se (in this case caused by wrong config for
/pks/hashquery POST (HTTP/1.1 502 Proxy Error)  requests on the reported
HTTP port as communicated with the operator)

--
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"A ship is safe in harbour, but that's not what ships are for"
(Will Shedd)


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc (465 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: pool membership

Kristian Fiskerstrand-6
On 10/03/2016 11:22 PM, Kristian Fiskerstrand wrote:
> On 10/03/2016 11:07 PM, Michael Jones wrote:
>> Or perhaps this would be more appropriate as a possible future feature
>> of the sks keyserver source?
>
> The underlying issue was non-gossiping of the particular server, not
> something related to SKS per se (in this case caused by wrong config for
> /pks/hashquery POST (HTTP/1.1 502 Proxy Error)  requests on the reported
> HTTP port as communicated with the operator)
>

You see the results of this in the [key development charts] btw, the
server got hit with high number of keys, not gossipping it to the rest
of the network so it got the max key count of the day. Then server
dropped out for various reasons, resulting in negative growth, then
showed up again... and bouncy bounce..

References:
[key development charts]
https://sks-keyservers.net/status/key_development.php
--
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"A ship is safe in harbour, but that's not what ships are for"
(Will Shedd)


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc (465 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: pool membership

Brian Minton
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

How often do the scripts re-scan a host?
-----BEGIN PGP SIGNATURE-----

iF4EARYIAAYFAlfzFykACgkQN7lQes/yAW5RagD/bKOs7soR7zuhJjghWMVLGMC7
F/0rReQ2WRcaVXbzCpEBANwwNLi2L+nAI3N0lIraBcnq7jWHD8nhL6eeWEYpJfcO
iF4EAREIAAYFAlfzFykACgkQa46zoGXPuqm0TQD/WJBMrWtLTlNUw4BIoKsyNjRa
5HXJ75axP9X9OqSK08oA/1wrbHPIfQN6U6GerHlkh2N9sLMc9Z8x67mv8WOoZKDf
=MEs+
-----END PGP SIGNATURE-----

_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel
Reply | Threaded
Open this post in threaded view
|

Re: pool membership

Antony Prince
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On October 3, 2016 10:43:21 PM EDT, Brian Minton <[hidden email]> wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA256
>
>How often do the scripts re-scan a host?
>-----BEGIN PGP SIGNATURE-----
>
>iF4EARYIAAYFAlfzFykACgkQN7lQes/yAW5RagD/bKOs7soR7zuhJjghWMVLGMC7
>F/0rReQ2WRcaVXbzCpEBANwwNLi2L+nAI3N0lIraBcnq7jWHD8nhL6eeWEYpJfcO
>iF4EAREIAAYFAlfzFykACgkQa46zoGXPuqm0TQD/WJBMrWtLTlNUw4BIoKsyNjRa
>5HXJ75axP9X9OqSK08oA/1wrbHPIfQN6U6GerHlkh2N9sLMc9Z8x67mv8WOoZKDf
>=MEs+
>-----END PGP SIGNATURE-----
>
>_______________________________________________
>Sks-devel mailing list
>[hidden email]
>https://lists.nongnu.org/mailman/listinfo/sks-devel

I think it's once per hour IIRC. Been a while since my server was up, so I might be wrong on that one.
-----BEGIN PGP SIGNATURE-----

iQJCBAEBCgAsJRxBbnRvbnkgUHJpbmNlIDxhbnRvbnlAYmxhenJzb2Z0LmNvbT4F
AlfzIC0ACgkQrz1AhzAbGxlGrhAAoxo/Yjgxkr9FQgrIKvljzEmgGYedwbFxe7BG
F8t2HrpXjzny0qBCT3nZP9xVC7ADOu8zfj+crShFloIPCAYNhOU/2rU2/MtWgdfJ
8qzmw6q0XTx70boCxxy6WLuc5/wrWPcVs/oBaS425Jy1FEU0inX0l/YGPxejWIw2
+UXWLtN49tFGc++LNK4XKtCW2C+pjHVNdqYRkj2x/HsyBKwHh+pWvmwUlTg31Up5
W4LJ0zsySQpkOuheDjmJlsSNN1kxxh4MvbAbzQzIm5mwvwr7xxGI1WFizgsyce0J
/eo/ffVP3ScWRpxkCMyJJ9ZSgmbVxBwm754gdcVQHJz2Q9l6YLCO2aa6shLE8X3E
AsaDKOFj1BuNo9oFReDODb+2fggimjfarG+fwJlTvAF9Mcjxq2QXQW2l6WQmeNDn
qG5kcgfdLtaQPQFS+LyMEnFySBVaGZTyHnGpuQQO1hQKnHs1wfziR3sozGHDGvbD
2Rql6R1F5nDI4wHzGiJDcCboDj0gUx2kg29gDqt31//+9X6U1QP57Wt/HHl5qKXf
VeUx4Vu/2mQYiYLjC9dZLyP9g45khB6mfq5zZbgHww4nrDNnGlXKq8QADD+SaPrk
HN74CQD6lR4uN30UUKaaxNcvj47SKjAzjnB3wiMeA+zbx8IvbC+b0W/wh3gwxDZY
7oM11Os=
=79Nc
-----END PGP SIGNATURE-----


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel
Reply | Threaded
Open this post in threaded view
|

Re: pool membership

Danny Horne
In reply to this post by Brian Minton
On 04/10/2016 3:43 am, Brian Minton wrote:
> How often do the scripts re-scan a host?


Every hour (when it's up ;) )


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc (836 bytes) Download Attachment