Some proposals for future synchronising keyserver development

Hi, all. It’s been quiet in keyserver land recently, but I recently published four proposals for how to move forward on the Hockeypuck github blog, and all feedback is welcome: HIP 2: SKS v2 protocol Sync using hashes of self-sig packets rather than hashes of TPKs would mitigate seve

Flooding attack against synchronising keyservers

Hi, everyone. The synchronising keyserver network has been under an intermittent flooding attack for the past five days, resulting in the addition of approximately 3 million obviously-fake OpenPGP keys to the SKS dataset. The fake keys are currently being submitted multiple times per second via

Re: Flooding attack against synchronising keyservers

Hi, all. pgpkeys.eu is fully operational, is accepting key submissions and is syncing with two similarly recovered peers. The number of keys in the dataset is back to pre-flooding levels, and site reliability has been significantly improved. If you are an operator and need assistance recovering

Re: Seeking Peers

On 18 Jan 2024, at 01:57, Gerald Stueve via SKS development and deployment list wrote: > > I am finally replacing my old sks keyserver keys.stueve.us with a > hockeypuck based system and would appreciate any peers. > > [hockeypuck.conflux.recon.partner.keys_stueve_us] > # 0x7fe0536d9ef48359b5f

Re: Seeking Peers

On 23 Jan 2024, at 02:35, Gerald Stueve wrote: > Please try again, it appears accessible from outside my local > network > hockeypuck 2.1.2 > 6613215 keys from pgp.cyberbits.eu last week I can see it now! It’s reporting version 1.1.6 though, have you overridden it in the hockeypuck.conf file? I

Re: Seeking Peers

On 23 Jan 2024, at 20:38, Gerald Stueve wrote: > > On Tue, 2024-01-23 at 18:35 +, Andrew Gallagher wrote: >> >> I can see it now! It’s reporting version 1.1.6 though, have you overridden >> it in the hockeypuck.conf file? I’d recommend against doing that - it used >> to be necessary when w

Re: Key server status

On 7 Mar 2024, at 16:47, Skip Carter wrote: > > I have found that the keyservers are not properly synced: > > The MIT server has my key from 2023-03-29 > but the Ubuntu server has only my old expired key 2019-04-10 (4 years > out of date!). The MIT server is effectively running unmaintained at

Hockeypuck 2.2

Hi, all. I have a stable development branch for Hockeypuck 2.2 that is ready for beta testing. If anyone wants to help test, please pull the latest branch at https://github.com/pgpkeys-eu/hockeypuck/tree/branch-2.2.0 onto a test machine, and restore from a fresh dump (this is important). For

Re: Seeking peers for keys.dryusdan.net

On 31 Mar 2024, at 21:25, William Hay wrote: >> > Do you have protections against flooding attacks in place on your > keyservers(appropriately > configured rate limiting proxy)? Hi, guys. According to the spider at https://spider.pgpkeys.eu/sks-peers, keys.dryusdan.net and gpg.4n0ny.me appear

Re: Seeking peers for keys.dryusdan.net

On 5 Apr 2024, at 17:34, Dryusdan wrote: > > I change my setup today and add HAProxy and standalone configuration. > Actually it is behind nginx for both, keys.dryusdan.net > and gpg.4n0ny.me . Great stuff! Did you make sure to uncomment HAP_BE

Re: Seeking peers for keys.dryusdan.net

On 5 Apr 2024, at 18:36, Dryusdan wrote: > > I double check and no, HAP_BEHIND_PROXY wasn't set. But > HAP_BEHIND_PROXY_EXCEPT_HKP is (in /etc/default/haproxy I directly set > variable and it loaded by systemd service) > > Is now ok :) > So that would imply that ports 80 and 443 are behind n

Hockeypuck 2.2 released

We are pleased to announce the release of Hockeypuck 2.2. Hockeypuck is a modern synchronising keyserver that is optimised for ease of deployment, particularly in containerised environments via docker-compose. Hockeypuck 2.2 is a significant upgrade that includes the following changes: # Featu

Hockeypuck 2.2.1 released

Hi, all. We are pleased to announce the release of Hockeypuck version 2.2.1. This is a bugfix release that addresses two issues with the machine-readable HKP index format that may result in incomplete information being returned to clients. You can install the latest release by cloning the repo

Hockeypuck 2.2.2 released

Hi, all. We are pleased to announce the release of Hockeypuck 2.2.2. This is a bugfix release that addresses several issues: * Fixed handling of trailing whitespace in the search field * Fixed missing 'revoked' flag in index lists * Fixed handling of hostnames in recon configuration It also mak

Re: Looking for peers for pgp.3t.al

Hi, Etaoin. :-) On 6 Jan 2025, at 00:09, Etaoin Wu via SKS development and deployment list wrote: > > The instance on pgp.3t.al (:443 https/hkps, :11371 hkp, :11370 recon) is > hosted on a Hetzner VPS located in Nuremberg, Germany. The Hockeypuck > instance is sitting behind the contrib/docke

Re: Looking for peers for pgp.3t.al

On 6 Jan 2025, at 12:23, Andrew Gallagher via SKS development and deployment list wrote: > >> The version is 2.2-47-g2848306. > > It’s not a good idea to use the `master` branch in production, Apologies, I see now that it is already running version 2.2.2. Please ignore my h

Hockeypuck 2.2.3 released

Hi, all. We are pleased to announce the release of Hockeypuck 2.2.3. This is a bugfix release to fix several minor issues: * Stats now also served on /pks/stats * HEAD and OPTIONS methods now supported * Algorithm names now displayed correctly * Fixed stats calculation * Updated to protonmail/go

Hockeypuck 2.2.4 released

Hi, all. We are pleased to announce the release of Hockeypuck 2.2.4. This is a bugfix release to fix a few minor issues and update dependencies: * Now builds a multi-arch docker image * Added configurable variables to stats page * Worked around an intermittent lockup issue in haproxy * Fixed mac