Re: [Sks-devel] gossip partner request

[Phil Pennock]

On 2009-11-25 at 10:49 +0100, Sebastian Urbach wrote:
> the debian readme told me to ask for gossip partners if we want to
> connect to the global sks-network. Here we go as ordered ;-)

Well no, since you don't provide details of the peering hostname.

The usual form is to post, at a minimum, the hostname.  Ideally, the
hostname, the port (even if it's the normal one) and a contact address
to use for admin purposes.  Add a PGP keyid and you've got everything
covered.  Post this in the format that it would go in the "membership"
file.

Eg, a thorough line would be:
  sks.example.com 11370  # Fred Bloggs <address@hidden> 0xDEADBEEF


A more *common* line would include only the first two items.  *sigh*

Then you'll get responses saying you've been added, so you should then
add that respondent to your file.  The peering has access controls based
on source IP for inbound connections, checking it's the IP of one of
your peers, so if you don't have mutually correct entries then peering
won't work.

If you edit your "sksconf" file to add:
  membership_reload_interval: 1
then changes will be picked up more quickly.

If your machine is at all modern (past few years) then you might also
add:
  initial_stat:
(include the final ":" but put nothing after it); this will cause sks to
do a statistics gathering run at startup; look at your performance with
this option on to decide if you're happy with it.  The advantage is that
when you point a web-browser at:
  http://your-sks-server.example.com:11371/pks/lookup?op=stats
then you'll get complete data very soon after start-up, which can be
very helpful.

Once you've gotten a peer and have been up for a day or so, check back
in at:
  http://www.sks-keyservers.net/status/
  http://www.pramberger.at/peter/services/keyserver/network/
to see how your server is being reported and check that everything is
okay.

Regards,
-Phil

pgp2J7GZDVMuJ.pgp
Description: PGP signature