Discussion:
[Sks-devel] Peers
Peter Sunde Kolmisoppi
2017-04-05 21:30:12 UTC
Permalink
Hey all!

Setting up a keyserver and looking for peers!
The machine is located in sweden and will be used for research and internal pgp signing / checking, and not public facing.

Best regards,
Peter
Andrew Gallagher
2017-04-05 22:08:05 UTC
Permalink
Post by Peter Sunde Kolmisoppi
Hey all!
Setting up a keyserver and looking for peers!
The machine is located in sweden and will be used for research and internal pgp signing / checking, and not public facing.
Out of curiosity, how are you going to recon if it's not public facing? Specific firewall holes for your peers?

A
Fabian A. Santiago
2017-04-05 22:32:27 UTC
Permalink
Post by Peter Sunde Kolmisoppi
Post by Peter Sunde Kolmisoppi
Hey all!
Setting up a keyserver and looking for peers!
The machine is located in sweden and will be used for research and
internal pgp signing / checking, and not public facing.
Out of curiosity, how are you going to recon if it's not public facing?
Specific firewall holes for your peers?
A
_______________________________________________
Sks-devel mailing list
https://lists.nongnu.org/mailman/listinfo/sks-devel
Agreed, how? I'd peer with you but curious....
--
Thanks.
Fabian S.
Peter Sunde Kolmisoppi
2017-04-06 08:37:57 UTC
Permalink
Post by Peter Sunde Kolmisoppi
Post by Peter Sunde Kolmisoppi
Hey all!
Setting up a keyserver and looking for peers!
The machine is located in sweden and will be used for research and
internal pgp signing / checking, and not public facing.
Out of curiosity, how are you going to recon if it's not public facing?
Specific firewall holes for your peers?
A
_______________________________________________
Sks-devel mailing list
https://lists.nongnu.org/mailman/listinfo/sks-devel
Agreed, how? I'd peer with you but curious
.
Hey guys,

thanks for that. Yeah, firewall holes for peers. The idea is (as I told Andrew already so sorry for repeating) to do some privacy for internal operations. We don’t want anyone we don’t know to be able to log the lookups of keys for privacy reasons.
We might put up a public facing keyserver in the future but for now we’re also doing some research, so any peers that wants to help would be much appreciated. The more the merrier!

Best,
Peter
Andrew Gallagher
2017-04-06 08:49:52 UTC
Permalink
Post by Peter Sunde Kolmisoppi
Hey guys,
thanks for that. Yeah, firewall holes for peers. The idea is (as I
told Andrew already so sorry for repeating) to do some privacy for
internal operations. We don’t want anyone we don’t know to be able
to log the lookups of keys for privacy reasons. We might put up a
public facing keyserver in the future but for now we’re also doing
some research, so any peers that wants to help would be much
appreciated. The more the merrier!
Just curious, did you consider using tor or is this not possible?

(I'll peer with you after all this, promise!)

Andrew.
Andrew Gallagher
2017-04-06 22:34:01 UTC
Permalink
If the :11371 port is open to the world, to support roaming users, then
you're going to end up in the public pools anyway.
Not quite true. You can avoid being added to the pools by intentionally failing one or more of the entry criteria. The safest (and easiest!) one to fail is the reverse proxy detection. You should always install a reverse proxy but if you don't configure the headers properly, the detector will think you didn't. Oops.

A

Loading...