
[Sks-devel] keyserver.cns.vt.edu updates


From: Phil Benchoff
Subject: [Sks-devel] keyserver.cns.vt.edu updates
Date: Thu, 13 Oct 2011 20:21:57 -0400

Some updates on keyserver.cns.vt.edu:

- Thanks to all who responded to my request for peers.  I think I have added
  everyone who responded.

- I changed both the v4 and v6 addresses today.  I left both the old and
  new addresses bound for several hours more than the DNS TTL and then
  removed the old addresses.  If you have some firewall rules or something
  that are configured by address, they need to be updated.  Let me know
  if so and I won't assume DNS will take care of everything the next time.
  Tcpdump didn't show any traffic on the old addresses.

- I'm using stunnel to provide SSL on both ports 11372 and 443.  Right now
  I'm using a CAcert certificate.  I plan to change 443 to a cert that
  is in the trust store of most browsers.  The question is what to do with
  11372.  I'm guessing most people who use hkps probably have the CAcert
  root configured as their trusted CA in gnupg.  Am I better off with a
  cert in most default trust stores, or am I better off with CAcert?

- I tried to add use_port_80: (no arguments) to sksconf, but the server
  won't start and complains that an address is in use.  Port 80 does not
  appear to be in use for either the v4 or v6 address of the key server.
  The host itself has a bunch of v4 and v6 addresses with port 80 in use
  though.  Are there any known issues with use_port_80?  Does it use the
  same address list as specified to hkp_address?

Thanks,
Phil


