Re: [Sks-devel] Heartbleed and HKPS pool


From: Kristian Fiskerstrand
Subject: Re: [Sks-devel] Heartbleed and HKPS pool
Date: Wed, 28 May 2014 12:24:09 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 05/27/2014 11:41 PM, Andrew Alderwick wrote:
> Dear Rolf,
> 
> On Tue, May 27, 2014 at 10:18:31PM +0200, Rolf Wuerdemann wrote:
>> Am 27.05.2014 17:41, schrieb Kristian Fiskerstrand:
>>> On 05/27/2014 05:00 PM, Daniel Kahn Gillmor wrote:
>>>> To check the inclusion of your server in the hkps pool, look
>>>> at the HKPS column of:
>>>> 
>>>> https://sks-keyservers.net/status/
>> 
>> Could you please explain the color-codes (on the page?). 
>> Red/green is obvious, but I don't know where this "orange" color
>> for hkps sites comes from (SNI?)
> 
> Orange under the hkps column means that the server is vulnerable
> to CVE-2014-3207, which has been patched in SKS 1.1.5 [1,2].
> 
> The vulnerability isn't limited to hkps, but Kristian will at some
> point make 1.1.5 a requirement for being part of the hkps pool [3].
> So the orange is left undocumented as it's intended as a temporary
> warning to admins (such as me!) who are yet to update their
> servers.
> 

To clarify, I updated the statement a bit on [0,1] so that servers on
older versions with a backported security patch or behind a mitigating
reverse proxy configuration will still be included. This is handled by
the pool software and is why some HKPS are flagged green despite being <1.1.5.

References:
[0] http://lists.nongnu.org/archive/html/sks-devel/2014-05/msg00056.html
[1] http://lists.nongnu.org/archive/html/sks-devel/2014-05/msg00057.html



- -- 
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
"Great things are not accomplished by those who yield to trends and
fads and popular opinion."
(Jack Kerouac)