Re: [Sks-devel] details to configure SKS https web interface

[Kiss Gabor (Bitman)]

On Sat, 7 Mar 2009, Daniel Kahn Gillmor wrote:
> On 03/07/2009 03:03 PM, Joseph Oreste Bruni wrote:
> > On Mar 7, 2009, at 8:11 AM, Gab wrote:
> >> I wish to in https ssl the sks web interface .
> >> What are the directives for cert.pem and key.pem and to enable ssl ?
> > 
> > I don't believe that the built-in web server supports SSL. However, you
> > could front-end SKS with Apache configured as a proxy.

> We chose to listen on port 443 so people could browse to it with
> https://zimmermann.mayfirst.org/  (the X.509 certificate offered here is
>  signed by a private certificate authority [0], which i have also
> signed, if you care to certify it)

Folks,

I wonder what is the advantage of SSL in case of key servers?

The information transferred is not secret therefore no need of encryption.

It is no use to prove identity of the key server because anyone can 
set up a well known key server with fake data. (BTW. Certificate
of zimmermann.mayfirst.org is signed by a CA unknown to my browser. :-)

PGP keys verifies each others' integrity. All elements of the whole system
(including DNS, communication links, key servers and users sending
in fake keys) are untrusted.

Then why?

Gabor