[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] hkps certificates
|
From: |
Kristian Fiskerstrand |
|
Subject: |
Re: [Sks-devel] hkps certificates |
|
Date: |
Mon, 13 Jun 2016 10:35:40 +0200 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.1.0 |
On 06/13/2016 10:05 AM, Kiss Gabor (Bitman) wrote:
> Dear folks,
>
> Let's start thinking about how to issue HKPS certificates in the future.
> I'm afraid Kristian is too busy to do this.
>
I'm not too concerned about it, but keep in mind the primary goal for
that is sufficient participants in the pool, and having expiries and
rotations on different points in time is beneficial to this.
> First: I don't know exactly if sks-keyservers.net CA certificate
> is hardwired into HKPS clients or not? Is it possible to
It is in gnupg since 2.1.11
> change it? Is is possible add more root certificates?
> If yes, we could set up an alternate chain of signatures
> and we can keep the level of HKPS service for users who need it.
>
> Another possible solution: Kristian delegates his authority.
Nah, my reputation is at risk, I don't trust others to do it in name of
myself/service.
--
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP certificate at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Ubi mel ibi apes
Where there's honey, there are bees
signature.asc
Description: OpenPGP digital signature