Discussion:
[Sks-devel] Withdrawal of service: keys2.flanga.io & keys3.flanga.io
Moritz Wirth
2018-07-17 12:17:47 UTC
Permalink
Hi,

keys2.flanga.io and keys3.flanga.io will cease operation immediately,
given the latest problems.

keys.flanga.io will remain online as long as it runs stable and the
required disk space does not exceed my limits (database capacity has
almost tripled when switching to hockeypuck and is now about 37GB...)
and the bandwith consumption stays on a resonable level - I almost spent
a terabyte only for peering with other servers and I don't think it's
reasonable for a few hundred keys per day...

All peers are asked to remove keys2.flanga.io from their peering list
(or replace it with keys.flanga.io) - keys3.flanga.io was never actively
peered. FYI, Peers for keys.flanga.io are not listed on the
sks-keyservers pages anymore.

Best Regards,

Moritz
Fabian A. Santiago
2018-07-19 14:28:07 UTC
Permalink
Post by Moritz Wirth
Hi,
keys2.flanga.io and keys3.flanga.io will cease operation immediately,
given the latest problems.
keys.flanga.io will remain online as long as it runs stable and the
required disk space does not exceed my limits (database capacity has
almost tripled when switching to hockeypuck and is now about 37GB...)
and the bandwith consumption stays on a resonable level - I almost spent
a terabyte only for peering with other servers and I don't think it's
reasonable for a few hundred keys per day...
All peers are asked to remove keys2.flanga.io from their peering list
(or replace it with keys.flanga.io) - keys3.flanga.io was never actively
peered. FYI, Peers for keys.flanga.io are not listed on the
sks-keyservers pages anymore.
Best Regards,
Moritz
_______________________________________________
Sks-devel mailing list
https://lists.nongnu.org/mailman/listinfo/sks-devel
it really irks me that it has to come to this with so many keyservers
dropping offline. sad to see you go. thanks. i wish i was a developer so
i could help this community along more substantially than just simply
running a keyserver myself. such is life...
--
Fabian S.

OpenPGP:

0x643082042DC83E6D94B86C405E3DAA18A1C22D8F (new key)

***

0x3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC (to be retired, still valid)
Martin Dobrev
2018-07-19 14:52:36 UTC
Permalink
It's sad to see you going. I've removed the servers from my membership
file yet I see that you've removed keyserver.dobrev.eu from your list
too. Is there a particular reason for that or you were just attempting
to protect yourself during the attack?
Post by Moritz Wirth
Hi,
keys2.flanga.io and keys3.flanga.io will cease operation immediately,
given the latest problems.
keys.flanga.io will remain online as long as it runs stable and the
required disk space does not exceed my limits (database capacity has
almost tripled when switching to hockeypuck and is now about 37GB...)
and the bandwith consumption stays on a resonable level - I almost spent
a terabyte only for peering with other servers and I don't think it's
reasonable for a few hundred keys per day...
All peers are asked to remove keys2.flanga.io from their peering list
(or replace it with keys.flanga.io) - keys3.flanga.io was never actively
peered. FYI, Peers for keys.flanga.io are not listed on the
sks-keyservers pages anymore.
Best Regards,
Moritz
_______________________________________________
Sks-devel mailing list
https://lists.nongnu.org/mailman/listinfo/sks-devel
Moritz Wirth
2018-07-19 15:46:20 UTC
Permalink
Hi Martin, 

are you talking about keys.flanga.io or keys2.flanga.io? keys.flanga.io
does still peer, however sks-keyservers does not recognize the peers due
to different structures of the /pks/lookup?op=stats&options=mr file -
this should not affect the peering itself and keyserver.dobrev.eu is
still listed in my peering file (and it looks like peering works:
time="2018-07-19T15:00:04UTC" level=debug msg="hashquery response from
\"keyserver.dobrev.eu:11371\": 8 keys found") . keys2.flanga.io has been
disabled so it does not peer anymore ;)

The main reason for disabling keys2.flanga.io and keys3.flanga.io was
the heavy resource consumption - one point was traffic (thanks to the
amount of keys with 30MB+) and the other one was the CPU utilization of
the database. I monitored the uptime of the sks webserver every 30
seconds and it crashed every 2-5 minutes. While I am happy to contribute
to this project, I don't see a reason in operating something that only
works 60% of the time.

I would rather consider the recent "attacks" as severe bugs than attacks
(though handling these bugs has miserably failed) and the recent patches
are only a drop in the ocean. Let's be honest, SKS is not maintained and
it probably never will, and it's simply frustrating running a keyserver
that never will work as expected.

However, keys.flanga.io will probably continue operation with Hockeypuck
- though it has its own bugs, it's way faster and reliable than SKS.

Best Regards,

Moritz
Post by Martin Dobrev
It's sad to see you going. I've removed the servers from my membership
file yet I see that you've removed keyserver.dobrev.eu from your list
too. Is there a particular reason for that or you were just attempting
to protect yourself during the attack?
Post by Moritz Wirth
Hi,
keys2.flanga.io and keys3.flanga.io will cease operation immediately,
given the latest problems.
keys.flanga.io will remain online as long as it runs stable and the
required disk space does not exceed my limits (database capacity has
almost tripled when switching to hockeypuck and is now about 37GB...)
and the bandwith consumption stays on a resonable level - I almost spent
a terabyte only for peering with other servers and I don't think it's
reasonable for a few hundred keys per day...
All peers are asked to remove keys2.flanga.io from their peering list
(or replace it with keys.flanga.io) - keys3.flanga.io was never actively
peered. FYI, Peers for keys.flanga.io are not listed on the
sks-keyservers pages anymore.
Best Regards,
Moritz
_______________________________________________
Sks-devel mailing list
https://lists.nongnu.org/mailman/listinfo/sks-devel
Loading...