Discussion:
[Sks-devel] seeking peers for pgp.securitytext.org
PGP Key Server Administrator
2018-03-13 01:11:23 UTC
Permalink
Hi,

I am looking for peers for a new SKS keyserver installation.

I am running SKS version 1.1.5, on pgp.securitytext.org.
We are a registry for security.txt files, which utilize OpenPGP keys.
The server is physically located in California (US).
The machine has IPv6 connectivity.

I have loaded a keydump from MattRude
(http://keyserver.mattrude.com/dump/), dated 2018-03-06.
I see 4,977,036 keys loaded. Stats here:
https://pgp.securitytext.org/pks/lookup?op=stats

For operational issues, please contact us directly.
ipv4.pgp.securitytext.org 11370 # PGP Key Server Administrator
C10A3C1E4B33BF91C5ABA88B2EFE4865169508A9ipv6.pgp.securitytext.org
11370 # PGP Key Server Administrator
C10A3C1E4B33BF91C5ABA88B2EFE4865169508A9dualstack.pgp.securitytext.org
11370 # PGP Key Server Administrator
C10A3C1E4B33BF91C5ABA88B2EFE4865169508A9

Thank you,
- -securitytext.org
PGP Key Server Administrator
2018-03-13 04:51:14 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Apologies for the incorrect member entries. Corrected ones below:
ipv4.pgp.securitytext.org 11370 # PGP Key Server Administrator
<***@securitytext.org> 0x169508A9ipv6.pgp.securitytext.org 11370 # PGP
Key Server Administrator <***@securitytext.org>
0x169508A9dualstack.pgp.securitytext.org 11370 # PGP Key Server
Administrator <***@securitytext.org> 0x169508A9

Thank you,
- - securitytext.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEwQo8Hkszv5HFq6iLLv5IZRaVCKkFAlqnWJwACgkQLv5IZRaV
CKnuHg//Q7Q2LYkS8mJRjLCfBORMdgZ/7SFG18VeIcIxar28Wng1RTdIPxja/Yu9
cGfp9WVZkimTAL06tjxNG010emJPglC0g1s/irh/ecY6+QfFgwnSImcGvrEg1To9
R918GFjRPdWD58/jWx1yxzuuqgQKZghiDI9oWtkpnsbQ49DckEx1xEzR399LgPNE
BOSnxcU3njVUHTLZXBItSLlrvCP5bDl5a6Ijv3WAU/V34WIQs6ClOVEcoHPB21hD
Y8otNbpmIYH2Jys1LC/jONksW0dm4r+PtNpFo+8g/+viu0IC4eGnLQ4SFjo/kdDN
+D6Chgt/pqanYhhobUTL+9r6iqoFk8SDsIUDfUvN44JhbD4pZN+PHv0xZmsvQBv2
t3mR5JSJ4620o/qpoZc+NlpCIM5TwLbzw+XUux/eccwvcMz/BYC2A7u8x1gRb7tV
wWmbvSo9FnW6sPY/Jc7AQk4GXfs76/DT0yS91cp516CylDeXYFlNCccQQtIh71/u
K+8/sNR6E9vTWGmi4bvhf4pLHWk3LglF8lVQoqSyHTVVLJ1XD0xURJBlqesIeQed
1EzBQm7iTziFhIoqEbg6xszGRQmS74AMYKhFOxkeDN4ujv6WMqok2LO6vMTNo7eC
2TZO0VvmbsuSrv7bs3OzhAuQh5YLz4zqPmaAXaF09gOO3nam9+8=
=4cXN
-----END PGP SIGNATURE-----



On Mon, Mar 12, 2018 at 6:11 PM, PGP Key Server Administrator <
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hi,
I am looking for peers for a new SKS keyserver installation.
I am running SKS version 1.1.5, on pgp.securitytext.org.
We are a registry for security.txt files, which utilize OpenPGP keys.
The server is physically located in California (US).
The machine has IPv6 connectivity.
I have loaded a keydump from MattRude (http://keyserver.mattrude.com/dump/), dated 2018-03-06.
I see 4,977,036 keys loaded. Stats here: https://pgp.securitytext.org/pks/lookup?op=stats
For operational issues, please contact us directly.
ipv4.pgp.securitytext.org 11370 # PGP Key Server Administrator C10A3C1E4B33BF91C5ABA88B2EFE4865169508A9ipv6.pgp.securitytext.org 11370 # PGP Key Server Administrator C10A3C1E4B33BF91C5ABA88B2EFE4865169508A9dualstack.pgp.securitytext.org 11370 # PGP Key Server Administrator C10A3C1E4B33BF91C5ABA88B2EFE4865169508A9
Thank you,
- -securitytext.org
-----BEGIN PGP SIGNATURE-----
Version: Mailvelope v2.2.0
Comment: https://www.mailvelope.com
wsFcBAEBCAAQBQJapyUtCRAu/khlFpUIqQAA4YIQAKuCOtBdsW/gyFTwMigY
5Je2Nfl8ZTA8dPb1HJfcS6qhxrpIq5R1trLXVVLukGrAYgpQJ6xERz1zZk1B
L4Z9bYTjz6WnWUaMF1MstI6drTFmf76oRoT24x6XrWq4O5gfi8OrkpueaGdD
4B/LUxvi59uwOZVgBCC6ZhCEAcGtH1kE9BFI87RkJYRz9Nf6KXg6fLWtfsK6
KMl93waYaWwd4VHsNJX3GKnmw8y+5tohXOg3MQTSuGc4Likh4GZb5SQwyesO
j/d9qot4MWyI2etBM57qWbPgqcW6ueJ6gEsYRUOlzyr7FxyHC/xFPBeQxOfa
jROCvqG5rels/JXSDu8jKbarGCOvUA+oOqaet8yhszMGO3uCXsDA7eHIug/k
5Ui/eDvYoAZfhtk6emAzQbPOJc47BDs6DCMq316uypvAe0kP6+gQQQtz0KcT
q6Jn348DxWu+GZ5Af5NW2InqrqpfBv6728jpGAd9ujhLzhMJlIPupup4vG+M
BuU/4IBPUgFXblyumSx+4A/JY00AXQrKlJLNaUBEZLWkR63AjocWd8vdsCTU
WMdI3vLDepQcs6eAp8JX+f9k4fYYE80QNFvIAwiOWIfFNTbPmnmZgb8akLR1
sJiZDtvROfV48jSZDM1P7ShUpLEcUA+yY+daOa9JHnJhth8kChw14L/lWkeq
Xxgd
=suv+
-----END PGP SIGNATURE-----
Alain Wolf
2018-03-13 05:54:17 UTC
Permalink
Hello PGP Key Server Administrator

I don't think this setup will make it into the pool:

* pgp.securitytext.org points to a Cloudflare IP, which does not answer
to OpenPGP clients on TCP port 11371.
* I can't connect to dualstack.pgp.securitytext.org, neither on TCP
port 11370 nor 11371
Post by PGP Key Server Administrator
Thank you,
- securitytext.org <http://securitytext.org>
On Mon, Mar 12, 2018 at 6:11 PM, PGP Key Server Administrator
Hi,
I am looking for peers for a new SKS keyserver installation.
I am running SKS version 1.1.5, on pgp.securitytext.org <http://pgp.securitytext.org>.
We are a registry for security.txt files, which utilize OpenPGP keys.
The server is physically located in California (US).
The machine has IPv6 connectivity.
I have loaded a keydump from MattRude (http://keyserver.mattrude.com/dump/
<http://keyserver.mattrude.com/dump/>), dated 2018-03-06.
I see 4,977,036 keys loaded. Stats here: https://pgp.securitytext.org/pks/lookup?op=stats
<https://pgp.securitytext.org/pks/lookup?op=stats>
For operational issues, please contact us directly.
ipv4.pgp.securitytext.org <http://ipv4.pgp.securitytext.org> 11370 # PGP Key Server Administrator C10A3C1E4B33BF91C5ABA88B2EFE4865169508A9
ipv6.pgp.securitytext.org <http://ipv6.pgp.securitytext.org> 11370 # PGP Key Server Administrator C10A3C1E4B33BF91C5ABA88B2EFE4865169508A9
dualstack.pgp.securitytext.org <http://dualstack.pgp.securitytext.org> 11370 # PGP Key Server Administrator C10A3C1E4B33BF91C5ABA88B2EFE4865169508A9
Thank you,
- -securitytext.org <http://securitytext.org>
Regards

Alain
--
pgpkeys.urown.net 11370 # <***@urown.net> 0x27A69FC9A1744242
Hendrik Visage
2018-03-13 06:24:07 UTC
Permalink
Post by Alain Wolf
Hello PGP Key Server Administrator
* pgp.securitytext.org points to a Cloudflare IP, which does not answer
to OpenPGP clients on TCP port 11371.
Yeah, that definitely won’t work for SKS
Post by Alain Wolf
* I can't connect to dualstack.pgp.securitytext.org, neither on TCP
port 11370 nor 11371
could you connect to the ipv4/ipv6 versions? they are but the separate IPs for dualstack.
This will end up as three different servers in the SKS pool, even though they are the same server? rather just advertise the dualstack, en drop the CloudFlare as already pointed out ;)
Post by Alain Wolf
Post by PGP Key Server Administrator
I am looking for peers for a new SKS keyserver installation.
I am running SKS version 1.1.5, on pgp.securitytext.org <http://pgp.securitytext.org>.
This also won’t make it into the pool. I suspect it’s a Debian/Ubuntu setup? Get the 1.1.6 software that’s needed to make it into the pool.

See https://roll.urown.net/server/pgp-keyserver.html <https://roll.urown.net/server/pgp-keyserver.html> for guides to setup SKS server.
Post by Alain Wolf
Post by PGP Key Server Administrator
We are a registry for security.txt files, which utilize OpenPGP keys.
Something to Google laterz when Ops issues resided :)
PGP Key Server Administrator
2018-03-13 18:09:44 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Thank you so much for your quick feedback Alain & Hendrik. Per your
suggestions (and the super helpful guide), I have gone ahead and changed
the following:

* Upgraded to sks v1.1.6:
https://keyserver.securitytext.org/pks/lookup?op=stats
* Removed Cloudflare; flattened DNS into keyserver.securitytext.org (with
A/AAAA records):
* `dig a keyserver.securitytext.org` => 54.177.40.110
* `dig aaaa keyserver.securitytext.org` =>
2600:1f1c:f79:ab00:e2f2:5d26:bd6d:c13d
* Made available ports: 80, 443, 11370, 11371, 11372.
* Added SRV records for _pgpkey-http/_pgpkey-https:
* `dig srv _pgpkey-http._tcp.keyserver.securitytext.org` => 10 0 11371
keyserver.securitytext.org, 10 0 80 keyserver.securitytext.org
* `dig srv _pgpkey-https._tcp.keyserver.securitytext.org` => 10 0 11372
keyserver.securitytext.org, 10 0 443 keyserver.securitytext.org

I believe these changes cover all the earlier feedback raised, but if I
missed something please don't hesitate to let me know. The corrected*
membership line should be:

keyserver.securitytext.org 11370 # securitytext.org <***@securitytext.org>
0x169508A9

Thanks again for your time.
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEwQo8Hkszv5HFq6iLLv5IZRaVCKkFAlqoE8oACgkQLv5IZRaV
CKkOXg/+Nbu95xn7AyqtgWK9LMJcCK9gg8zgt64UhygWtGb2DxUmgDeS6gk3hCa6
dtCxofN+jyd7HU6OpduM0aDEdzkaHa7De62jGIla/uEaBbf1jN4imP4CvxaJaAwn
Rd+fcl8QFP9DNWeR/k501wDURU5RAsOOGkTA5lK+LjmOa0VGC22Aom4cCicLbL9F
Q4wCGMpvhWDK1yZArchw1GVrgIWwO5kJa8rYG/MRZQuUL21y7gSS0YvjXPYxtWUA
HtXDCrEC6d6+IdKMEn7PBAjK7wlWTIIjnJkAzqsyFp6n/0eOQ9ZbJt1pm7/xiqus
dulh8V6rlj2Zpb5CZB/MR/94CfPW7HCO6I3VH2IHeo9g8VQCmGOxniKAfZh2mCUU
IQgFfPTnyEUWitjQbcKJs/xGHXW/M9Okcs8wyrxk9qQr119A3JgwNFl4rPajqWpT
3JNxTgrTlKppC8sSph/+aU1ypo/kVDbf67d2mk02jY9gnvMNgh+eRZNWsM4VLuzB
WZok5oTECS1Ltjqttol81KOClvsFE69i3GdCKTs5LNNJ9f2jrieXRz7Lk69UWYIO
qK6qikd7LpBGvHmCLSAUZKpMwDpejhpm5LQZ1IjjiHp3NcY3tSPVhIUNRgVx8poZ
pp1fuWgrI+SLmuQqBXDwtwAto+ND2wxLMrpAJYL3aiiNBCPit78=
=JF4a
-----END PGP SIGNATURE-----
Post by Alain Wolf
Hello PGP Key Server Administrator
* pgp.securitytext.org points to a Cloudflare IP, which does not answer
to OpenPGP clients on TCP port 11371.
Yeah, that definitely won’t work for SKS
* I can't connect to dualstack.pgp.securitytext.org, neither on TCP
port 11370 nor 11371
could you connect to the ipv4/ipv6 versions? they are but the separate IPs for dualstack.
ipv4.pgp.securitytext.org <http://ipv4.pgp.securitytext.org> 11370 # PGP
ipv6.pgp.securitytext.org <http://ipv6.pgp.securitytext.org> 11370 # PGP
dualstack.pgp.securitytext.org <http://dualstack.pgp.securitytext.org>
This will end up as three different servers in the SKS pool, even though
they are the same server? rather just advertise the dualstack, en drop the
CloudFlare as already pointed out ;)
I am looking for peers for a new SKS keyserver installation.
I am running SKS version 1.1.5, on pgp.securitytext.org <
http://pgp.securitytext.org>.
This also won’t make it into the pool. I suspect it’s a Debian/Ubuntu
setup? Get the 1.1.6 software that’s needed to make it into the pool.
See https://roll.urown.net/server/pgp-keyserver.html for guides to setup
SKS server.
We are a registry for security.txt files, which utilize OpenPGP keys.
Something to Google laterz when Ops issues resided :)
Georg Faerber
2018-03-13 18:34:42 UTC
Permalink
Post by Hendrik Visage
Post by PGP Key Server Administrator
I am running SKS version 1.1.5, on pgp.securitytext.org
<http://pgp.securitytext.org>.
This also won’t make it into the pool. I suspect it’s a Debian/Ubuntu
setup? Get the 1.1.6 software that’s needed to make it into the pool.
Debian ships 1.1.6.

Cheers,
Georg

Loading...