[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] sks-keyservers.net New HKPS subpool added
From: |
Kristian Fiskerstrand |
Subject: |
Re: [Sks-devel] sks-keyservers.net New HKPS subpool added |
Date: |
Mon, 08 Oct 2012 23:10:57 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:15.0) Gecko/20120912 Thunderbird/15.0.1 |
On 10/08/2012 11:08 PM, Phil Pennock wrote:
> On 2012-10-08 at 23:01 +0200, Kristian Fiskerstrand wrote:
>> That seems like another bug to add to the SRV port not being used for
>> SRV handling. Are you sending it over to gnupg-{users,devel}?
>
> I just filed a bug:
>
> https://bugs.g10code.com/gnupg/issue1447
>
>> I'll have to remove the SRV record for keys.kfwebs.net for the pool to
>> function correctly at the moment, as this is not handled. But that bug
>> has already been reported upstream.
>>
>> Any thoughts on how I should proceed? Should I disable the cert check in
>> my crawler so that all hkps servers show up for now until some more of
>> the server operators (presuming they want to) generate CSRs, or, given
>> the young nature of this pool, would it be OK to just grow organically?
>
> I think we should leave the cert check in, _if_ you can ensure that
> you're sending SNI of "hkps.sks-keyservers.net", to retrieve the correct
> cert from the server.
>
> Then let it grow, and note that this pool is only going to be usable
> with bug-fixed GnuPG.
Well, unless we adhere to the bug itself and remove the SRV record,
which isn't strictly necessary for the standard port.
--
----------------------------
Kristian Fiskerstrand
http://www.sumptuouscapital.com
Twitter: @krifisk
----------------------------
"Great things are not accomplished by those who yield to trends and fads
and popular opinion."
(Jack Kerouac)
----------------------------
This email was digitally signed using the OpenPGP
standard. If you want to read more about this
The book: Sending Emails - The Safe Way: An
introduction to OpenPGP security is
available in both Amazon Kindle and Paperback
format at
http://www.amazon.com/dp/B006RSG1S4/
----------------------------
Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/
signature.asc
Description: OpenPGP digital signature
- Re: [Sks-devel] sks-keyservers.net New HKPS subpool added, (continued)
- Re: [Sks-devel] sks-keyservers.net New HKPS subpool added, Kristian Fiskerstrand, 2012/10/08
- Re: [Sks-devel] sks-keyservers.net New HKPS subpool added, Kristian Fiskerstrand, 2012/10/08
- Re: [Sks-devel] sks-keyservers.net New HKPS subpool added, Phil Pennock, 2012/10/08
- Re: [Sks-devel] sks-keyservers.net New HKPS subpool added, Kristian Fiskerstrand, 2012/10/08
- Re: [Sks-devel] sks-keyservers.net New HKPS subpool added, Phil Pennock, 2012/10/08
- Re: [Sks-devel] sks-keyservers.net New HKPS subpool added, Kristian Fiskerstrand, 2012/10/08
- Re: [Sks-devel] sks-keyservers.net New HKPS subpool added, Phil Pennock, 2012/10/08
- Re: [Sks-devel] sks-keyservers.net New HKPS subpool added, Kristian Fiskerstrand, 2012/10/08
- Re: [Sks-devel] sks-keyservers.net New HKPS subpool added, Kristian Fiskerstrand, 2012/10/08
- Re: [Sks-devel] sks-keyservers.net New HKPS subpool added, Phil Pennock, 2012/10/08
- Re: [Sks-devel] sks-keyservers.net New HKPS subpool added,
Kristian Fiskerstrand <=
- Re: [Sks-devel] sks-keyservers.net New HKPS subpool added, Kristian Fiskerstrand, 2012/10/08
- Re: [Sks-devel] sks-keyservers.net New HKPS subpool added, Phil Pennock, 2012/10/08
- Re: [Sks-devel] sks-keyservers.net New HKPS subpool added, Stephan Seitz, 2012/10/08
- Re: [Sks-devel] sks-keyservers.net New HKPS subpool added, Kristian Fiskerstrand, 2012/10/08
- Re: [Sks-devel] sks-keyservers.net New HKPS subpool added, Kristian Fiskerstrand, 2012/10/08
- Re: [Sks-devel] sks-keyservers.net New HKPS subpool added, Stephan Seitz, 2012/10/08
- Re: [Sks-devel] sks-keyservers.net New HKPS subpool added, Kristian Fiskerstrand, 2012/10/08
Re: [Sks-devel] sks-keyservers.net New HKPS subpool added, Kristian Fiskerstrand, 2012/10/06