
From: Daniel Kahn Gillmor
Subject: Re: [Sks-devel] Re: problems with SKS 1.0.10 when searching by key ID from GnuPG
Date: Tue, 24 Mar 2009 11:57:48 -0400
User-agent: Mozilla-Thunderbird 2.0.0.19 (X11/20090103)

On 03/24/2009 11:39 AM, Kristian Fiskerstrand wrote:
> But I'm always open for suggestions. As for now I already have a blacklist
> on aliases/IPs, but there is an RFE to block certain versions?

I'd like to propose blacklisting SKS version 1.0.10 from the main pool,
because of that version's misbehavior in the face of searches by keyid.
It reflects poorly on the entire pool (and makes the pool significantly
less useful) if these queries intermittently fail.

> It's a set of PHP and bash scripts updating mine at least, and yes, I
> would have the ability to block by version.

Are these scripts published? (this is out of curiosity more than
anything else)

> For now I created subset.pool.sks-keyservers.net which should include
> only keys that are reporting version to be 1.1.0 , so please test this out.

Thanks for this prompt action.  I just tested it out, and this pool is
clean w.r.t. querying by keyid in ways that the main pool is not:

> 0 address@hidden:~$ gpg --keyserver pool.sks-keyservers.net --search d21739e9
> gpg: searching for "d21739e9" from hkp server pool.sks-keyservers.net
> gpg: key "d21739e9" not found on keyserver
> 0 address@hidden:~$ gpg --keyserver subset.pool.sks-keyservers.net --search 
> d21739e9
> gpg: searching for "d21739e9" from hkp server subset.pool.sks-keyservers.net
> (1)   Daniel Kahn Gillmor <address@hidden>
>       Daniel Kahn Gillmor <address@hidden>
>       Daniel Kahn Gillmor <address@hidden>
>       Daniel Kahn Gillmor <address@hidden>
>         4096 bit RSA key D21739E9, created: 2007-06-02
> Keys 1-1 of 1 for "d21739e9".  Enter number(s), N)ext, or Q)uit > q
> 0 address@hidden:~$ 


I also ran a more intensive check against all reported IP addresses, and
I got this:

> 0 address@hidden:~$ test_ks() { wget -q -O- 
> 'http://'$1':11371/pks/lookup?options=mr&search=0xD21739E9&exact=on' 
> >/dev/null; }
> 0 address@hidden:~$ for foo in $(dig +short pool.sks-keyservers.net); do 
> test_ks $foo || echo $foo $(dig +short -x $foo) ; done 
> 62.48.35.100 lorien.prato.linux.it.
> 195.22.207.161 161.160/29.207.22.195.in-addr.arpa. trider-g7.fabbione.net.
> 0 address@hidden:~$ for foo in $(dig +short subset.pool.sks-keyservers.net); 
> do test_ks $foo || echo $foo $(dig +short -x $foo) ; done 
> 0 address@hidden:~$ 

So it looks like your filter technique is working to me.

        --dkg
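As an added example, not code from the thread or from SKS, here is the same pool check as a reusable POSIX shell script, assuming dig and wget are on PATH: it resolves the pool name, performs the exact key-ID lookup over HKP against each member, and additionally requires a pub: line for the key in the machine-readable reply rather than just a successful HTTP fetch. The key ID and lookup URL come from the message above; the function names mr_has_key and check_pool and the POOL/KEYID environment variables are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the thread or from SKS: check every server
# behind a pool name for a working exact key-ID lookup over HKP. It mirrors
# the thread's test_ks/dig loop but also requires that the reply carries a
# pub: line for the key, so a 200 with an empty answer is reported too.

# Lookup URL exactly as used in the thread (HKP port 11371, options=mr).
hkp_url() {
    printf 'http://%s:11371/pks/lookup?options=mr&search=0x%s&exact=on\n' "$1" "$2"
}

# Read machine-readable HKP output on stdin and succeed only if a pub:
# line whose key field ends in the requested key ID is present, e.g.
#   pub:D21739E9:1:4096:1180742400::
# (the key field may be a long key ID or a full fingerprint, hence the
# optional hex prefix in the pattern; matching is case-insensitive).
mr_has_key() {
    grep -iq "^pub:[0-9A-Fa-f]*$1:"
}

# Query one server by IP or name; succeed only if it returns the key.
test_ks() {
    wget -q -O- "$(hkp_url "$1" "$2")" 2>/dev/null | mr_has_key "$2"
}

# Print every pool member that fails, with its reverse name, and return
# non-zero if any member was bad. Needs dig and wget on PATH.
check_pool() {
    pool="$1"; keyid="$2"; bad=0
    for ip in $(dig +short "$pool"); do
        if ! test_ks "$ip" "$keyid"; then
            echo "$ip $(dig +short -x "$ip")"
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}

# The network run happens only when POOL is set (hypothetical variable), e.g.:
#   POOL=subset.pool.sks-keyservers.net KEYID=D21739E9 sh check_pool.sh
if [ -n "${POOL:-}" ]; then
    check_pool "$POOL" "${KEYID:-D21739E9}"
fi
```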
