Re: [Sks-devel] Heartbleed ans HKPS pool

sks-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] Heartbleed ans HKPS pool

From:	dirk astrath
Subject:	Re: [Sks-devel] Heartbleed ans HKPS pool
Date:	Wed, 28 May 2014 11:05:04 +0000
User-agent:	Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Thunderbird/24.0

Hello Kristian,

I hardly think that *any* client has the CA of sks installed per
default (nor would an average client care to).

it is part of gnupg 2.1 [0]

hm ... even if gnugpg 2.1 will check the CRL (i assume, you don't (planto) run an OCSP-server) ...

when i access the keyserver-pool using my browser to have an encryptedchannel to search/upload/... keys, the revocation-status of acertificate should be checked.

currently (without the CRL) the expiration date is the only way mybrowser knows, that the certficate is no longer valid.


... and ... yes ... gnug 2.1 is not "every client" ... ;-)

have a nice day ...

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Sks-devel] Heartbleed ans HKPS pool, (continued)

Prev by Date: Re: [Sks-devel] Heartbleed ans HKPS pool
Next by Date: Re: [Sks-devel] Heartbleed ans HKPS pool
Previous by thread: Re: [Sks-devel] Heartbleed ans HKPS pool
Next by thread: Re: [Sks-devel] Heartbleed ans HKPS pool
Index(es):
- Date
- Thread