[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] keyserver stats gathering
|
From: |
Phil Pennock |
|
Subject: |
Re: [Sks-devel] keyserver stats gathering |
|
Date: |
Wed, 24 Feb 2016 06:32:21 +0000 |
On 2016-02-24 at 06:17 +0000, Mire, John wrote:
> What is the process for the keyserver status page generation
> (https://sks-keyservers.net/status/)
> i.e., what scripts/queries are executed against the individual keyserver?
> How often?
> Campus is setting up Palo Alto firewalls with traffic/application inspection
> and profiling
It's an HTTP request, against the regular HKP service, just on a special
endpoint; eg:
http://sks.spodhuis.org:11371/pks/lookup?op=stats
The only thing different about this is `op=stats` instead of `op=index`
or whatever.
This is considered public information, because your peers expect to be
able to look at this to diagnose problems with the peering: your
problems can become their problems, if you fall too far behind.
Kristian has some PHP scripts which do the work for the
sks-keyservers.net pages; I have other tooling, others will use
browsers. Kristian's service is considered "canonical" by most, but is
not in any way using privileged access.
If you start blocking "unusual" requests for the stats which aren't at
DoS levels then you'll upset your peers and lose peering.
-Phil