Re: [Sks-devel] Peering request from Zurich / Switzerland

sks-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] Peering request from Zurich / Switzerland

From:	Kristian Fiskerstrand
Subject:	Re: [Sks-devel] Peering request from Zurich / Switzerland
Date:	Fri, 06 Jun 2014 08:07:00 +0200
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 06/06/2014 03:21 AM, Phil Pennock wrote:
> On 2014-06-05 at 19:37 +0200, MSW-Technologies.de wrote:
>> we have just set up a public keyserver located at:
>> 
>> gpg.directory 11370
>> 
>> The server is operated by NAG Netbone Digital AG (RIPE member) in
>> Zurich, Switzerland.
> 
> According to <http://gpg.directory:11371/pks/lookup?op=stats> you
> are running SKS 1.1.3 -- this has a known cross-site scripting 
> vulnerability, so you're soon going to be ineligible to be a member
> of the main serving pool, if that matters to you.
> 

To be a bit pedantic; a requirement to have fixed CVE-2014-3207 will
only apply to the HKPS pool initially.

> 
> You also _appear_ to not have a front-end reverse-proxy in front of
> your server, which is why you're showing in red at 
> <https://sks-keyservers.net/status/>.  You should be aware that
> SKS serves a single request at a time, in the one thread, before
> accepting the next request, so one slow client can DoS your
> service.  Best current practice is to deploy with a reverse proxy
> in front.

Total number of keys: 4 << is important to note as well. There is no
keydump loaded as per Initial Keydump section of
https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Peering

- -- 
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
"The power of accurate observation is commonly called cynicism by
those who have not got it."
George Bernard Shaw
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJTkVqEAAoJEPw7F94F4TaglCQP/A3ri6oxvwOvzFsE1e1ip+5T
GreiZyHaIv2rEFe7Qm6mOvUSD9POsx1XtVn1lhswJw6Of+WLhF1cLxmGzbW1Gt55
3dKKBELHoUV9pQbEwKAWJ1kRPoJTfuuMjSI8i73qNjMXTJ6tus6fvWk4MXbQoR2s
uL5q6YC1mJJyem9YWv0sBNXFylU2M/X1J3HhsLEn5MshzX2oHJ6w2G/X50kbiQhB
WDPkm8eyVISbgZDay7vOkKl0P3++4jzk/I+0s9hbnkVBYc/wLJujroRWPmnWEEhi
xUXli+Yu1+pmKPHA+thXxTCm2B7HQsffMd0nH/IuvBfQ8yBtYQkgLRqDzw/Ru+Dz
C8GpyRviTLF0kNN9ow2+UZe2f9xk1uYlL/iV4kqcSQidNt8ioc2/X9jYT5KGhJ3/
ZwRepPhcrgwudx+qJuht7LX4ZlENk5Idv1eGpAHKIb9ruO2ubYcnJKHAboy50gK3
ZScRCYisf25DnMloAWfswsmp+xFMsya0uRU5PSLrsUOGe5vpj+gBq3PZnzCHW6J6
kVc/pfdz+k3Il+gt86J9zWO0kdUqKDr4CflTFoH3XYlGJesUGHEUadjHAqYRzHXE
1YjLkuuVpB8Vvry89lfQbucaQ1qf90Q5l48geNwzFc8DT+VaAcn4KHBS1e1Z5yMj
hU46lKl4UVWPYpqtUjDF
=CoVF
-----END PGP SIGNATURE-----

[Prev in Thread]

Current Thread

[Next in Thread]

[Sks-devel] Peering request from Zurich / Switzerland, MSW-Technologies.de, 2014/06/05
- Re: [Sks-devel] Peering request from Zurich / Switzerland, Phil Pennock, 2014/06/05
  - Re: [Sks-devel] Peering request from Zurich / Switzerland, Kristian Fiskerstrand <=

Prev by Date: Re: [Sks-devel] Peering request from Zurich / Switzerland
Next by Date: [Sks-devel] Upgrading to SKS 1.1.5
Previous by thread: Re: [Sks-devel] Peering request from Zurich / Switzerland
Next by thread: [Sks-devel] Upgrading to SKS 1.1.5
Index(es):
- Date
- Thread