[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] Peering request from Zurich / Switzerland
From: |
Kristian Fiskerstrand |
Subject: |
Re: [Sks-devel] Peering request from Zurich / Switzerland |
Date: |
Fri, 06 Jun 2014 08:07:00 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 06/06/2014 03:21 AM, Phil Pennock wrote:
> On 2014-06-05 at 19:37 +0200, MSW-Technologies.de wrote:
>> we have just set up a public keyserver located at:
>>
>> gpg.directory 11370
>>
>> The server is operated by NAG Netbone Digital AG (RIPE member) in
>> Zurich, Switzerland.
>
> According to <http://gpg.directory:11371/pks/lookup?op=stats> you
> are running SKS 1.1.3 -- this has a known cross-site scripting
> vulnerability, so you're soon going to be ineligible to be a member
> of the main serving pool, if that matters to you.
>
To be a bit pedantic; a requirement to have fixed CVE-2014-3207 will
only apply to the HKPS pool initially.
>
> You also _appear_ to not have a front-end reverse-proxy in front of
> your server, which is why you're showing in red at
> <https://sks-keyservers.net/status/>. You should be aware that
> SKS serves a single request at a time, in the one thread, before
> accepting the next request, so one slow client can DoS your
> service. Best current practice is to deploy with a reverse proxy
> in front.
Total number of keys: 4 << is important to note as well. There is no
keydump loaded as per Initial Keydump section of
https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Peering
- --
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
"The power of accurate observation is commonly called cynicism by
those who have not got it."
George Bernard Shaw
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJTkVqEAAoJEPw7F94F4TaglCQP/A3ri6oxvwOvzFsE1e1ip+5T
GreiZyHaIv2rEFe7Qm6mOvUSD9POsx1XtVn1lhswJw6Of+WLhF1cLxmGzbW1Gt55
3dKKBELHoUV9pQbEwKAWJ1kRPoJTfuuMjSI8i73qNjMXTJ6tus6fvWk4MXbQoR2s
uL5q6YC1mJJyem9YWv0sBNXFylU2M/X1J3HhsLEn5MshzX2oHJ6w2G/X50kbiQhB
WDPkm8eyVISbgZDay7vOkKl0P3++4jzk/I+0s9hbnkVBYc/wLJujroRWPmnWEEhi
xUXli+Yu1+pmKPHA+thXxTCm2B7HQsffMd0nH/IuvBfQ8yBtYQkgLRqDzw/Ru+Dz
C8GpyRviTLF0kNN9ow2+UZe2f9xk1uYlL/iV4kqcSQidNt8ioc2/X9jYT5KGhJ3/
ZwRepPhcrgwudx+qJuht7LX4ZlENk5Idv1eGpAHKIb9ruO2ubYcnJKHAboy50gK3
ZScRCYisf25DnMloAWfswsmp+xFMsya0uRU5PSLrsUOGe5vpj+gBq3PZnzCHW6J6
kVc/pfdz+k3Il+gt86J9zWO0kdUqKDr4CflTFoH3XYlGJesUGHEUadjHAqYRzHXE
1YjLkuuVpB8Vvry89lfQbucaQ1qf90Q5l48geNwzFc8DT+VaAcn4KHBS1e1Z5yMj
hU46lKl4UVWPYpqtUjDF
=CoVF
-----END PGP SIGNATURE-----