Re: [Sks-devel] Heartbleed ans HKPS pool

[Andrew Alderwick]

Dear Rolf,

On Tue, May 27, 2014 at 10:18:31PM +0200, Rolf Wuerdemann wrote:
> Am 27.05.2014 17:41, schrieb Kristian Fiskerstrand:
> > On 05/27/2014 05:00 PM, Daniel Kahn Gillmor wrote:
> > > To check the inclusion of your server in the hkps pool, look at the
> > > HKPS column of:
> > >
> > > https://sks-keyservers.net/status/
>
> Could you please explain the color-codes (on the page?).
> Red/green is obvious, but I don't know where this "orange"
> color for hkps sites comes from (SNI?)

Orange under the hkps column means that the server is vulnerable to 
CVE-2014-3207, which has been patched in SKS 1.1.5 [1,2].

The vulnerability isn't limited to hkps, but Kristian will at some point 
make 1.1.5 a requirement for being part of the hkps pool [3]. So the 
orange is left undocumented as it's intended as a temporary warning to 
admins (such as me!) who are yet to update their servers.

Thanks,
Andy

[1] http://lists.nongnu.org/archive/html/sks-devel/2014-05/msg00000.html
[2] http://lists.nongnu.org/archive/html/sks-devel/2014-05/msg00026.html
[3] http://lists.nongnu.org/archive/html/sks-devel/2014-05/msg00033.html

signature.asc
Description: Digital signature