[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] redirect http to https?
|
From: |
Kristian Fiskerstrand |
|
Subject: |
Re: [Sks-devel] redirect http to https? |
|
Date: |
Wed, 20 Aug 2014 09:19:38 +0200 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.0 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 08/19/2014 11:39 PM, Jonathon Weiss wrote:
>
> So, a user suggested that we should redirect all http connections
> to https. The user was clearly confused in a number of ways about
> how the keyservers worked, and his specific examples of why it was
> important were incorrect. That said, there's clearly at least a
> little value in pushing people toward encryption.
>
> So, I was wondering. Has anyone done this? Are there concerns
> about (non-browser) clients using hkp but not supporting re-directs
> or hkps, who would then be unable to use our server? I suppose I
> could consider leaving port 11371 as is, but force re-directs on
> port 80. That would probably satisfy the clueless masses on the
> internet, but would it eliminate any risk of breakage?
I do not think redirecting on port 11371 is appropriate as using HKPS
require supplemental configuration and is not guaranteed to be
supported out of the box by all implementations. iirc there have been
plenty of issues e.g. for debian users without the gnupg-curl package
(i.e using curl-shim rather than a full curl linkage). I do not have
control over which other clients are used, in particular in automated
environments, where I suspect the number of breakage would be highest
and most difficult to deal with.
For port 80 you can do what you want (but the server will dispensary
from the p80 sub-pool in such a case as it isn't actually serving
content on port 80).
- --
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Nosce te ipsum!
Know thyself!
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJT9EwEAAoJEPw7F94F4Tagd0MQALWcK36wQQmp2IrMw2RmEmHn
fpJqXFHb2VljwqZSWSFCuIS3aag/MptzrWQJs2GMEwSadhipghSH3vzFj7k2EgKv
PCjZ4a2IaY/4N6xq8TbdMA25c4cbVu+ZbHrL5/pH3YkycpeyFqEEWMV2S1lojAja
A3VF8GLlIT30EjT228CN3f0RKV1OZSrYjZTMsWc/CxRWagpXO+qXf4dQ84XkZwOn
n4SCff7nvc/P4FMCEL/xXhss4mbItWrhafec+zLPWmPQIwiLkKvVZ3wZ88My7xgZ
xu4WKQeSnFX9HBOY8+GUKxM22CW0laI+woT+1HhhEkDsaK8lg5U81D+3L3vlZZXo
gLUcfOiHMn0PwPOrxQet2r5E/mZJ0PdO8+RxLqSn5TlTqw04pe08aOGWvzcUEpDr
9HZvufvm4PuL2XZB3RFAaxCssRRRt2oCrJEIcY00dJWT0xGw/lpRK3VJI8fdTZXZ
xLhVCsZZy5DRjpTlA9CsdDASq4MIWP1ONg9PXGaWXzZoWwwxzAhqFahg3eDIPvfI
DuPuziU64AAE6k2ljtFJitCxnmHtCdWC1iuKxsoAJgifadGAOZhc8X+qLgujh9wH
dnbZjWQq27NhAINR4aaJEodH5OqKsR1KTZutJaLmovONUI70YSbNBy62fez5ax9e
RZ5s5BXMflk+9mSABKYK
=y3St
-----END PGP SIGNATURE-----