Re: [Sks-devel] [GnuPG-users] sks-keyservers.net: Changes to pools / SRV Weights

[Kristian Fiskerstrand]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 2012-05-13 22:33, Phil Pennock wrote:
> On 2012-05-13 at 15:20 -0500, John Clizbe wrote:

> 
> Hrm.  When I was new to SKS, I set up "sks.spodhuis.org" and 
> "sks-peer.spodhuis.org".  My hope was to use different filtering
> on different addresses, but that was before I was aware of the
> 11371 port use as part of the recon process.
> 
> I've been consistent in supplying sks-peer.spodhuis.org for
> membership files.
> 
> My intuition has me reluctant to change my current split; sure,
> recon still goes through the proxy, that's not it.  I just view
> "use as a client" and "use for peering" as two different roles of
> the server and the addressing used for those roles should be
> distinct, for potential segregation.

Hi Phil,

Indeed nice to separate between these two, but as you point out, upon
establishing a recon connection (usually on 11370) , the port to use
for fetching keys is transmitted.

My setup use 11372 as the port for this, which is filtered to match my
peers. 11371 is the client facing port (behind a reverse proxy),
whereby 11372 is used for all peers.

Granted this issue has been reduced after the latest changes to SKS
that now provide a proper HTTP/1.0 version that allows for POST even
behind a reverse proxy.


- -- 
- ----------------------------
Kristian Fiskerstrand
http://www.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Corruptissima re publica plurimæ leges
The greater the degeneration of the republic, the more of its laws
- ----------------------------
This email was digitally signed using the OpenPGP
standard. If you want to read more about this
The book: Sending Emails - The Safe Way: An
introduction to OpenPGP security is now
available in both Amazon Kindle and Paperback
format at
http://www.amazon.com/dp/B006RSG1S4/
- ----------------------------
Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJPsB3RAAoJEBbgz41rC5UIeyIP/jvwFlc7g7nqihE4fg6oSJMC
ZZmz5OnxcAavXk5rWWtych7EffXzZ54eeYe+rU2eFr4U2e9sDbKGqu8vXlvcuYth
hYNYgh5k4TrSHL24mMSEI4ZodWNd+Hanwj5Cj4XYZrnvaLRcmXvtov95p7zuNVNR
qIEWT2xQzF4qj4q1pQqPETesxYS4FBRw+Btf4UhwRPsGrKsi6KlQYPRIvdtOraVB
w8yqAxxc/s9D7t50YLbyvOwaiHwikbwmnnFE6fGh6Ija7TRWlWlCahCOau7X5Wda
t59tABaWpPWk2vUR+iwWWs3BzdCMvaZeid/x2b6mn5co9gfsr568uiWLcUcy2J5V
OCT4J5aJ5oMXzkCo3/08OWKfypECs813sCoqBJCnBumZzCCcp6/i2t3IJP+svvf7
HfZGSgJrAcCJnPRLw2XJvHRUFJk/CEW7KjSEZclzuxSr+94YhCvxybR4Ho+sCJgy
aIWFgs+/a12jvkpJXvhjFK0C5x7Wr6w+faXtz2LNqsRPGfzmZj1TWjPKNNxPnXyV
Qjxq3QrTZ+4ZTSQ7oZ77DB3PQs6NbyceG17oFF9emgPud3URUK7iXcZNotVupwGl
SiurDhaq+CfDAd7/cJnKU74VPPYRrahhfH8uMKtBmpA4/McVyUvh5g1c7yuve2qX
mOPmGiIBtyMVu+sDWGvZ
=kRDn
-----END PGP SIGNATURE-----