[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] Changes to sks-keyservers.net pools
|
From: |
Kristian Fiskerstrand |
|
Subject: |
Re: [Sks-devel] Changes to sks-keyservers.net pools |
|
Date: |
Sun, 11 May 2014 23:18:47 +0200 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 05/11/2014 10:43 PM, Kristian Fiskerstrand wrote:
> On 05/06/2014 02:55 PM, Jeremy T. Bouse wrote:
>> On 05/06/2014 05:08 AM, Kristian Fiskerstrand wrote:
>>> Dear lists,
>>>
>>> Following the release of SKS 1.1.5[0] the following changes
>>> will be made to the pools of sks-keyservers.net
>>>
>>> subset.pool.sks-keyservers.net has been set to a minimum
>>> requirement of SKS 1.1.5 with immediate effect.
>>>
>>> Due to CVE-2014-3207[1] I want to bump
>>> hkps.pool.sks-keyservers.net to a requirement of 1.1.5 as this
>>> can potentially be in another security context / zone, however
>>> I'm giving this a grace period of (at least) 45-60 days to
>>> allow server administrators to upgrade their servers.
>
> In recognition of package-maintainers backporting the security
> fixes to older versions of SKS for stable systems I'm revising the
> latter statement a bit. I have now implemented a test for affected
> servers instead of relying on the version information. This is
> currently active, and non-patched servers in the HKPS pool should
> now show up with an orange flag for the HKPS column.
>
Adding to that, this would also keep servers that are protected due to
the reverse proxy configuration remaining.
- --
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Ad astra per aspera
To the stars through thorns
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJTb+k3AAoJEPw7F94F4TagWbIP/RI6lnVk9SqhcXUdPK5yPaHp
1Nd2ab9b9lSR1zr9WXLmjVmULDjSRI9Fi+iWw9N7LbKaLboB+uGfzKZcbNJES9Ar
PzWBo7I+K4k/HTYJYxfFdvS8VTmaHN5O5rEz4rm+YtIlM2qWUuju5vxFJ3vsdMvF
6dfXvzcP77/whd9yTQJYHDxZpERC+Eqf203DDHS2tFR6pBxQb9ZWsu9klRVmAkLi
bfXEPI2hhfPqon00X0meyPBYJ66hahJvPOLlLAtyIGc3aDpJmQS5nubKb9hahSgf
ucjPfMBAl+J47ZVcabnjlCOuVNdfqXSKfryxV14i6RmT5uBmA+6+3JL4f+e0XrNq
6T2LBpyQiGWzC4iSA35dSdpA96S/izHyLMbrHK0YBZ80SglzFE4e9MssM0dG0W5f
LxM0uY5Hicym0P91TjGA1n5wQMMPMCXCiivmrqSYkrLRvizVGydX0xlIlg+/9M+N
IO0jN2T/yRRMJ5cAiGW6SiUhCottTQjBhxLABR4bDHfaBqC9Ok0Knsqc+In4kd3z
QH+Qhs7nhhb2cDXOFXhkUM3+lJi15nzGxFSEZPmjEu5nEeOJV12fOGGjwrnaLvE8
XvDTTRkF4PXFr6hJtIZAx+YeqGDUS1X92+op1CJ+YTRZgySAeAEuTiVY8X25zds5
5VOUYTzUY9PObgBAZBaq
=CDWl
-----END PGP SIGNATURE-----
Re: [Sks-devel] Changes to sks-keyservers.net pools, Dinko Korunic, 2014/05/06
Re: [Sks-devel] Changes to sks-keyservers.net pools, Daniel Austin, 2014/05/06
Message not available