Steffen Kaiser
2018-07-04 11:01:38 UTC
On Thu, 28 Jun 2018, Hendrik Visage wrote:
Hi,
I am looking for peers for a new SKS keyserver installation.
I am running SKS version 1.1.6-4 (Debian stretch), on sks.infcs.de. We are
an university and the server is installed for local access and to feed
another local-only keyserver, which distributes local keys from WKD to
keyserver-only clients. The server is physically located in Germany (EU)
on the DFN. The machine has *no* IPv6 connectivity.
I have loaded a keydump from https://pgp.key-server.io/sks-dump/, dated
2018-06-29.
I see NNNNNNN keys loaded.
For operational issues, please contact me directly.
sks.infcs.de 11370 # Steffen Kaiser <***@infcs.de>
5119CB3603B258AAC1EBA7A723A371DE9ABC764F
Thank you,
states that: "Unless recon is enabled in both directions, the key delta
will inevitably grow to the point that recon will fail."
That means, recon / gossip is not possible and updates via email is the
only option left.
email updates don't work as well. I set up three systems with a SKS system
+ system A and system B are configured to gossip with each other, thus,
simulating the normal outside SKS peers / SKS cloud,
+ system C is my local installation, that must not talk to the outside,&
+ system B sync's via mail to system C (oneway).
If I upload a key to system B, it is sync'ed to C. If I upload a key to
system A, it is sync'ed to B, but not forwared to C. So, mailsync is out
as well.
I also got the feeling that the mailsync was meant for when a key is *directly* uploaded to a server, it is emailed out, not when it receives keys via the recon/whisper partners (Else every one will sent out emails with each and every sync, ie. >100mails/daysâŠ)
I think the (wish list) option to have a 1-way sync setting, ie. Any and all keys you receive, you forward in that direction, no matter whether that server have the key or not, ie. no-recon/whisper, just: âIâve received this key, here it isâ
- --
Steffen Kaiser
Hi,
I am looking for peers for a new SKS keyserver installation.
I am running SKS version 1.1.6-4 (Debian stretch), on sks.infcs.de. We are
an university and the server is installed for local access and to feed
another local-only keyserver, which distributes local keys from WKD to
keyserver-only clients. The server is physically located in Germany (EU)
on the DFN. The machine has *no* IPv6 connectivity.
I have loaded a keydump from https://pgp.key-server.io/sks-dump/, dated
2018-06-29.
I see NNNNNNN keys loaded.
For operational issues, please contact me directly.
sks.infcs.de 11370 # Steffen Kaiser <***@infcs.de>
5119CB3603B258AAC1EBA7A723A371DE9ABC764F
Thank you,
http://lists.nongnu.org/archive/html/sks-devel/2018-06/msg00032.html
hope this helps
yes, http://lists.nongnu.org/archive/html/sks-devel/2018-06/msg00041.htmlhope this helps
states that: "Unless recon is enabled in both directions, the key delta
will inevitably grow to the point that recon will fail."
That means, recon / gossip is not possible and updates via email is the
only option left.
+ system A and system B are configured to gossip with each other, thus,
simulating the normal outside SKS peers / SKS cloud,
+ system C is my local installation, that must not talk to the outside,&
+ system B sync's via mail to system C (oneway).
If I upload a key to system B, it is sync'ed to C. If I upload a key to
system A, it is sync'ed to B, but not forwared to C. So, mailsync is out
as well.
I think the (wish list) option to have a 1-way sync setting, ie. Any and all keys you receive, you forward in that direction, no matter whether that server have the key or not, ie. no-recon/whisper, just: âIâve received this key, here it isâ
Steffen Kaiser