Discussion:
[Sks-devel] Out of the pool
Timothy A. Holtzen
2018-01-23 19:38:15 UTC
Permalink
Hey all,
    It appears that my server gpg.nebrwesleyan.edu has been out of the
pool since yesterday.  Any ideas as to why that might be?  The server is
up and available as far as I can tell and it appears to be gossiping so
it should be caught up on keys.  I'm guessing some issue with the
monitoring system pulling the stats page but I've checked and it is
available from all over the net.
--
Timothy A. Holtzen
Campus Network Administrator
Nebraska Wesleyan University
Public PGP key CFB4 3AE8 B726 DEBF 00D9 CCFC 426E 76AF DABC B3D7
Gabor Kiss
2018-01-23 20:36:38 UTC
Permalink
Post by Timothy A. Holtzen
It appears that my server gpg.nebrwesleyan.edu has been out of the
pool since yesterday.
https://sks-keyservers.net/status/ks-status.php?server=gpg.nebrwesleyan.edu
These statistics were last updated: 2018-01-23 19:35 (UTC)
Status for gpg.nebrwesleyan.edu
Latest status OK

I cannot see any problem. :-)

Gabor
Timothy A. Holtzen
2018-01-23 21:59:33 UTC
Permalink
Really? Because when I hit that link it says my latest status is "Not
OK"  with reason "Not responding".   Yet if I hit the status page from a
site like www.locabrowser.com it appears to be available all over.

Timothy A. Holtzen
Campus Network Administrator
Nebraska Wesleyan University
Public PGP key CFB4 3AE8 B726 DEBF 00D9 CCFC 426E 76AF DABC B3D7
Post by Gabor Kiss
https://sks-keyservers.net/status/ks-status.php?server=gpg.nebrwesleyan.edu
These statistics were last updated: 2018-01-23 19:35 (UTC)
Status for gpg.nebrwesleyan.edu
Latest status OK
I cannot see any problem. :-)
Gabor
Fabian A. Santiago
2018-01-24 12:58:26 UTC
Permalink
Post by Timothy A. Holtzen
Really? Because when I hit that link it says my latest status is "Not
OK" with reason "Not responding". Yet if I hit the status page from a
site like www.locabrowser.com it appears to be available all over.
Timothy A. Holtzen
Campus Network Administrator
Nebraska Wesleyan University
Public PGP key CFB4 3AE8 B726 DEBF 00D9 CCFC 426E 76AF DABC B3D7
Post by Gabor Kiss
https://sks-keyservers.net/status/ks-status.php?server=gpg.nebrwesleyan.edu
These statistics were last updated: 2018-01-23 19:35 (UTC)
Status for gpg.nebrwesleyan.edu
Latest status OK
I cannot see any problem. :-)
Gabor
_______________________________________________
Sks-devel mailing list
https://lists.nongnu.org/mailman/listinfo/sks-devel
You come up ok to me too:

gpg.nebrwesleyan.edu OK 2018-01-24 SKS 1.1.6 4,942,768 OK


--

Thanks,

Fabian S.

OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC
Timothy A. Holtzen
2018-01-24 15:59:34 UTC
Permalink
Interesting,  I think it is actually jumping in and out of the pool.  It
was in briefly yesterday but then when the next check came around it was
back out.  So maybe it is an intermittent problem or there is some kind
of timeout happening.

Timothy A. Holtzen
Campus Network Administrator
Nebraska Wesleyan University
Public PGP key CFB4 3AE8 B726 DEBF 00D9 CCFC 426E 76AF DABC B3D7
Post by Fabian A. Santiago
Post by Timothy A. Holtzen
Post by Gabor Kiss
https://sks-keyservers.net/status/ks-status.php?server=gpg.nebrwesleyan.edu
These statistics were last updated: 2018-01-23 19:35 (UTC)
Status for gpg.nebrwesleyan.edu
Latest status OK
I cannot see any problem. :-)
Gabor
_______________________________________________
Sks-devel mailing list
https://lists.nongnu.org/mailman/listinfo/sks-devel
gpg.nebrwesleyan.edu OK 2018-01-24 SKS 1.1.6 4,942,768 OK
Kiss Gabor (Bitman)
2018-01-26 08:48:10 UTC
Permalink
If enough people are sending the signal to regenerate stats every hour,
then the distribution of total key counts would cluster around a higher
value, so that people who rely solely upon daily key generation might
drop more than two stddevs below the mean (of numbers after outlier
exclusion).
Geeee! Good hit. :-)

BTW. Let's assume a TLA wants to control HKP traffic of a target
person. (Someone who is worthing some investments like Snowden or
Assange.) A possible attack vector is this:
1. TLA adds a few innocent looking server to the pool.
2. They estimate when the target person will ask the pool.
3. A few hours before the prepared key servers start announce
a fake statistic about number of their keys.
4. Kristian's monitoring software thinks every other servers
miss a few thousands keys and drops them from the pool.
5. Every client connects one of tampered key servers where all
requests and replies are under full control of the operator.

Maybe the monitoring software should not allow the pool to be shrinked
too much. Having many operational server is more important than
keeping the diff low.

Cheers

Gabor
Kim Minh Kaplan
2018-01-28 06:40:01 UTC
Permalink
* add a cron-job to signal SKS to regenerate stats
This could be changed into fixe for SKS keyserver:
* Continuously maintain up to date stats.
--
Kim Minh.
Paul Fontela
2018-01-30 13:06:45 UTC
Permalink
Hi all,

A couple of questions:

1 - Do the servers that operate in non-standard ports appear on the
static page?
        Example: 11380, 11381 or 11390,11391
        I have 3 servers in a LAN and they are working in 11370,11371 -
11380,11381 - 11390-11391, they synchronize well with other servers.

2 - If we all add the task of cron "00 * * * * pkill -USR2 sks || exit
1" in our servers, it would be beneficial to keep more updated
statistics in sks-keyservers.net/status/ that if it is only done every
24 hours ?.

Before the statistics update 2018-01-30 12:35 (UTC) in
https://sks-keyservers.net/status/, the amount of negative ΔKeys (on
color red) was 11 servers, after that update has happened to be 36.

Regards
Paul Fontela
Post by Kim Minh Kaplan
* add a cron-job to signal SKS to regenerate stats
* Continuously maintain up to date stats.
--
Paul Fontela
keyserver.ispfontela.es 11370 # Paul Fontela <***@ispfontela.es> 0x31743FFC33E746C5
Daniel Kahn Gillmor
2018-01-30 17:07:52 UTC
Permalink
Post by Paul Fontela
2 - If we all add the task of cron "00 * * * * pkill -USR2 sks || exit
1" in our servers, it would be beneficial to keep more updated
statistics in sks-keyservers.net/status/ that if it is only done every
24 hours ?.
due to sks's design, stats calculations can make a server briefly
unresponsive. It would be a bad thing if all servers in a pool
calculated stats at the exact same time.

Furthermore, depending on the amount of RAM and the disk I/O capacity,
the time that the server is unresponsive can vary. The administrator of
a machine where RAM is tight and disk I/O is limited might well prefer
to do more infrequent stat rebuilds to minimize the amount of downtime
incurred.

--dkg

Loading...