Re: [Sks-devel] seeking peers for pgp.securitytext.org


From: PGP Key Server Administrator
Subject: Re: [Sks-devel] seeking peers for pgp.securitytext.org
Date: Tue, 13 Mar 2018 11:09:44 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Thank you so much for your quick feedback Alain & Hendrik. Per your suggestions (and the super helpful guide), I have gone ahead and changed the following:

  * Upgraded to sks v1.1.6: https://keyserver.securitytext.org/pks/lookup?op=stats
  * Removed Cloudflare; flattened DNS into keyserver.securitytext.org (with A/AAAA records):
    * `dig a keyserver.securitytext.org` => 54.177.40.110
    * `dig aaaa keyserver.securitytext.org` => 2600:1f1c:f79:ab00:e2f2:5d26:bd6d:c13d
  * Made available ports: 80, 443, 11370, 11371, 11372.
  * Added SRV records for _pgpkey-http/_pgpkey-https:
    * `dig srv _pgpkey-http._tcp.keyserver.securitytext.org` => 10 0 11371 keyserver.securitytext.org, 10 0 80 keyserver.securitytext.org
    * `dig srv _pgpkey-https._tcp.keyserver.securitytext.org` => 10 0 11372 keyserver.securitytext.org, 10 0 443 keyserver.securitytext.org

I believe these changes cover all the earlier feedback raised, but if I missed something please don't hesitate to let me know. The corrected* membership line should be:

  keyserver.securitytext.org 11370 # securitytext.org <address@hidden> 0x169508A9

Thanks again for your time.




On Mon, Mar 12, 2018 at 11:24 PM, Hendrik Visage <address@hidden> wrote:


On 13 Mar 2018, at 07:54 , Alain Wolf <address@hidden> wrote:

Hello PGP Key Server Administrator

I don't think this setup will make it into the pool:

* pgp.securitytext.org points to a Cloudflare IP, which does not answer
  to OpenPGP clients on TCP port 11371.

Yeah, that definitely won’t work for SKS

* I can't connect to dualstack.pgp.securitytext.org, neither on TCP
  port 11370 nor 11371

Could you connect to the ipv4/ipv6 versions? They are but the separate IPs for dualstack.

On 13.03.2018 05:51, PGP Key Server Administrator wrote:
Apologies for the incorrect member entries. Corrected ones below:

ipv4.pgp.securitytext.org 11370 # PGP Key Server Administrator <address@hidden> 0x169508A9
ipv6.pgp.securitytext.org 11370 # PGP Key Server Administrator <address@hidden> 0x169508A9
dualstack.pgp.securitytext.org 11370 # PGP Key Server Administrator <address@hidden> 0x169508A9

This will end up as three different servers in the SKS pool, even though they are the same server? Rather just advertise the dualstack, and drop the CloudFlare as already pointed out ;)


   I am looking for peers for a new SKS keyserver installation.

   I am running SKS version 1.1.5, on pgp.securitytext.org.

This also won’t make it into the pool. I suspect it’s a Debian/Ubuntu setup? Get the 1.1.6 software that’s needed to make it into the pool.

See https://roll.urown.net/server/pgp-keyserver.html for guides to setup SKS server.

   We are a registry for security.txt files, which utilize OpenPGP keys.

Something to Google laterz when Ops issues resided :)
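
A preflight consistency check for the setup discussed in this thread, as an added example that is not part of the original messages or of SKS itself. It cross-checks membership lines, the SRV answers and the list of opened ports quoted above; the function names and the "same key ID means same operator" heuristic are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample input: values are the ones quoted in this thread.
NEW_MEMBERSHIP = "keyserver.securitytext.org 11370 # securitytext.org <address@hidden> 0x169508A9\n"
OLD_MEMBERSHIP = "".join(
    f"{h}.pgp.securitytext.org 11370 # PGP Key Server Administrator <address@hidden> 0x169508A9\n"
    for h in ("ipv4", "ipv6", "dualstack"))
SRV_ANSWERS = {
    "_pgpkey-http._tcp.keyserver.securitytext.org": [
        "10 0 11371 keyserver.securitytext.org", "10 0 80 keyserver.securitytext.org"],
    "_pgpkey-https._tcp.keyserver.securitytext.org": [
        "10 0 11372 keyserver.securitytext.org", "10 0 443 keyserver.securitytext.org"],
}
OPEN_PORTS = {80, 443, 11370, 11371, 11372}

LINE_RE = re.compile(r"^(?P<host>[A-Za-z0-9.-]+)\s+(?P<port>\d+)\s*(?:#(?P<comment>.*))?$")
KEYID_RE = re.compile(r"\b0x[0-9A-Fa-f]{8,40}\b")

def parse_membership(text):
    """Return (host, recon_port, operator_key_id) per non-comment line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:  # e.g. a line pasted with mail-client link residue
            raise ValueError(f"malformed membership line: {raw!r}")
        key = KEYID_RE.search(m["comment"] or "")
        entries.append((m["host"].lower(), int(m["port"]), key.group(0) if key else None))
    return entries

def preflight(membership, srv_answers, open_ports):
    """Hypothetical helper: list inconsistencies between the three inputs."""
    entries, findings, by_key = parse_membership(membership), [], defaultdict(set)
    for host, port, key in entries:
        by_key[key].add(host)
        if port not in open_ports:
            findings.append(f"{host}: recon port {port} is not an opened port")
    for key, hosts in by_key.items():
        if key and len(hosts) > 1:  # assumption: same key id suggests same operator/server
            findings.append(f"{key}: {len(hosts)} hostnames share one operator key")
    known = {host for host, _, _ in entries}
    for name, answers in srv_answers.items():
        for answer in answers:
            _prio, _weight, port, target = answer.split()
            if target.rstrip(".").lower() not in known:
                findings.append(f"{name}: target {target} has no membership line")
            if int(port) not in open_ports:
                findings.append(f"{name}: port {port} is not an opened port")
    return findings
```

The checks are offline and only compare the three inputs with each other; they do not confirm that the ports are reachable from outside.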



