Re: Current key servers
Faramir wrote:
> On 12-04-2012 20:29, John Clizbe wrote:
> ...
>
>>> pool.sks-keyservers.net adds them to its own list. So really,
>>> that's the only address you need. :)
>
>> It's best to stick with the pool address, otherwise if you select a
>> single server, you'll run into trouble if it's offline or there is
>> a connectivity
>
> I'd also keep 1 or 2 addresses to keyservers, just in case one day
> the pool has troubles.

OK, here's my list of addresses:

192.168.1.2    booboo  # Windows 2003 Svr[*]
192.168.1.4    yogi    # Slackware Linux
192.168.1.5    picnic  # Slackware Linux
192.168.1.18   basket  # MacOS X
192.168.1.19   horse   # Solaris 10
192.168.1.20   nell    # Solaris 10

2[*],4 & 18 ==> keyserver.gingerbear.net
5, 19, & 20 ==> sks.keyservers.net

[*] If I ever get the Win32 timing precise enough for sks recon, booboo
will join yogi and basket

About trouble with pool.sks-keyservers.net:

Even if the pool server goes down, there are extra DNS servers in place
acting as secondaries for the zone. So the pool DNS addresses should always
be available, even if they aren't being regularly updated (which is now four
times per day). If you query the NS records for sks-keyservers.net, 6 or 7
nameserver records should be returned.

-John

-- 
John P. Clizbe                      Inet: John (a) Gingerbear DAWT net
SKS/Enigmail/PGP-EKP                  or: John ( @ ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-k...@gingerbear.net?subject=HELP

    Cowboy Haiku -- Reflections on Rodeo
So many Cowboys. / Round Wrangler butts drive me nuts. / Never enough rope.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Current key servers
How can we use private IPs ?

>OK, here's my list of addresses:
>192.168.1.2    booboo  # Windows 2003 Svr[*]
>192.168.1.4    yogi    # Slackware Linux
>192.168.1.5    picnic  # Slackware Linux
>192.168.1.18   basket  # MacOS X
>192.168.1.19   horse   # Solaris 10
>192.168.1.20   nell    # Solaris 10
>
Re: new user anxiety
On 16/04/12 22:47, Michael Talbot-Wilson wrote:
> On Mon, 16 Apr 2012, Robert J. Hansen wrote:
>
>> On 4/16/2012 12:12 AM, Michael Talbot-Wilson wrote:
>>> Found nothing in the FAQ on this.
>>
>> First, it's an entirely expected thing. It's not a problem, it's just a
>> thing.
>
> Thanks. And thanks to everyone who responded. I think I found the
> answer overnight in Lucas's book, the section "Email from Beyond Your
> Web of Trust" (p. 120). I guess I need to _have_ some such web.
>
> Thanks again.
>

Hello Michael,

Firstly, ALL keys are untrustworthy - even if signed by someone else -
it's not till you have met the person - verified it's them - and checked a
copy of their public key - which they show you as a printout.

If you then decide to have a level of confidence (trust) in that person
being who they say they are - and the key belongs to them then you can set
some level of trust.

The web of trust is not something you can pick up. Rather the web of trust
is a group of people that have seen each other's public keys and thus
signed them.

So your mates and your sister all use pgp - they each agree to sign each's
key - then you have a web of trust.

-- 
“See the sanity of the man! No gods, no angels, no demons, no body.
Nothing of the kind. Stern, sane, every brain-cell perfect and complete
even at the moment of death. No delusion.”
http:/counter.li.org 512854
Re: gpg4win: homedir option not passed on to gpg-agent
On Thu, 19 Apr 2012 11:56, peter.c.dietr...@freenet.de said:

> I use gpg on Windows XP Sp3 via gpg4win 2.1.1-svn1694.

I don't know this version. The last released one is 2.1.0. Meanwhile we
switched to git and thus the svn prefix does not make sense anymore.
Please test with the 2.1.0.

Salam-Shalom,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.
Re: gpg4win: homedir option not passed on to gpg-agent
On Mon, 23 Apr 2012 16:34:16 +0200, Werner Koch wrote:

> On Thu, 19 Apr 2012 11:56, peter.c.dietr...@freenet.de said:
>
>> I use gpg on Windows XP Sp3 via gpg4win 2.1.1-svn1694.
>
> I don't know this version. The last released one is 2.1.0. Meanwhile we
> switched to git and thus the svn prefix does not make sense anymore.
> Please test with the 2.1.0.
>
> Salam-Shalom,
>
>    Werner

I installed this version (2.1.1-svn1694) only after I had experienced the
behavior I described with version 2.1.0. Then I searched for a solution and
what I found was just said version, I don't remember where I actually got it
from. I didn't know it was unbeknown to the developers.

Anyway, I have reinstalled the official release (2.1.0), and the behavior is
still as mentioned in my previous post (tried to generate a new keyring in a
directory that is not the home directory with
"gpg2 --homedir some/other/directory --gen-key" and receive gpg-agent
related IPC error).

Installing the newest beta of gpg4win (gpg 2.1.1-git93779b3) did not make a
difference in this respect, either.

So, if you know of a way to mend this, tell me, please.

Kind regards,
Peter
Re: Current key servers
On 23.04.2012 12:23, Mustrum wrote:
> How can we use private IPs ?
>
>
>> OK, here's my list of addresses:
>> 192.168.1.2    booboo  # Windows 2003 Svr[*]
>> 192.168.1.4    yogi    # Slackware Linux
>> 192.168.1.5    picnic  # Slackware Linux
>> 192.168.1.18   basket  # MacOS X
>> 192.168.1.19   horse   # Solaris 10
>> 192.168.1.20   nell    # Solaris 10
>

John's public DNS names are listed below that snippet.

On 23.04.2012 08:52, John Clizbe wrote:
...
> 2[*],4 & 18 ==> keyserver.gingerbear.net
> 5, 19, & 20 ==> sks.keyservers.net

But as also mentioned by John, the pool is running on quite a bit of
redundancy when it comes to DNS servers;

Name Server: NS2.SKS-KEYSERVERS.NET
Name Server: NS3.SKS-KEYSERVERS.NET
Name Server: NS5.SKS-KEYSERVERS.NET
Name Server: NS6.SKS-KEYSERVERS.NET
Name Server: NS7.SKS-KEYSERVERS.NET

of which at least one of the DNS servers is a BGP AnyCast address. So I'm
very interested in hearing if anyone is having troubles with it

-- 
Kristian Fiskerstrand
http://www.sumptuouscapital.com
Twitter: @krifisk

Corruptissima re publica plurimæ leges
The greater the degeneration of the republic, the more of its laws

This email was digitally signed using the OpenPGP standard.
If you want to read more about this
The book: Sending Emails - The Safe Way: An introduction to OpenPGP
security is now available in both Amazon Kindle and Paperback format at
http://www.amazon.com/dp/B006RSG1S4/

Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/
Re: Current key servers
Mustrum wrote:
> How can we use private IPs ?
>
See below.
>
>>OK, here's my list of addresses:
>>192.168.1.2    booboo  # Windows 2003 Svr[*]
>>192.168.1.4    yogi    # Slackware Linux
>>192.168.1.5    picnic  # Slackware Linux
>>192.168.1.18   basket  # MacOS X
>>192.168.1.19   horse   # Solaris 10
>>192.168.1.20   nell    # Solaris 10
>

Faramir wrote:
> I'd also keep 1 or 2 addresses to keyservers, just in case one day
> the pool has troubles.

Well,... that's _my_ list of keyservers. You are correct that they are
private IP addresses. There are over 110 SKS keyservers online right now.
They're not all in datacenters. :-)

If you have a local keyserver it doesn't make a lot of sense to go hit the
router only to be port forwarded back to the local IP address. If a public
facing server (keyserver.gingerbear.net or sks.keyservers.net ) goes down
for some reason, another can be put in place with a couple mouse clicks.
They all "talk amongst themselves" so they are all always up-to-date.

Why do I have 5 1/2 keyservers running on my local net? I do a "fair"
amount of code work on SKS, the keyserver platform,
https://code.google.com/r/johnclizbe-sks-keyserver/source/list
Production and test boxes for two public facing keyservers gets me four of
those. They're also used to test for portability to other operating
systems. (Who would think one could run SKS on Windows? sks-db works fine.
Still have timing issues with sks_recon.)

There was a DNS issue some time back. That led to the addition of a large
number of secondary nameservers. Kristian Fiskerstrand has also been
working on the pool selection code to make it more robust.

[sks-devel] is a fairly quiet group, but we're attentive and working.

-John

-- 
John P. Clizbe                      Inet: John (a) Gingerbear DAWT net
SKS/Enigmail/PGP-EKP                  or: John ( @ ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-k...@gingerbear.net?subject=HELP

    Cowboy Haiku -- Reflections on Rodeo
So many Cowboys. / Round Wrangler butts drive me nuts. / Never enough rope.