Re: [Sks-devel] details to configure SKS https web interface

[David Shaw]

On Mar 8, 2009, at 3:13 AM, Kiss Gabor (Bitman) wrote:

> On Sat, 7 Mar 2009, Daniel Kahn Gillmor wrote:
> > On 03/07/2009 03:03 PM, Joseph Oreste Bruni wrote:
> > > On Mar 7, 2009, at 8:11 AM, Gab wrote:
> > > > I wish to in https ssl the sks web interface .
> > > > What are the directives for cert.pem and key.pem and to enable  
> > > > ssl ?
> > >
> > > I don't believe that the built-in web server supports SSL.  
> > > However, you
> > > could front-end SKS with Apache configured as a proxy.
>
> > We chose to listen on port 443 so people could browse to it with
> > https://zimmermann.mayfirst.org/  (the X.509 certificate offered  
> > here is
> > signed by a private certificate authority [0], which i have also
> > signed, if you care to certify it)
>
> Folks,
>
> I wonder what is the advantage of SSL in case of key servers?
>
> The information transferred is not secret therefore no need of  
> encryption.

This is true, but that does not mean it isn't private.  Without SSL,  
someone could sniff on the wire and find out what key you were  
requesting.

(There are other reasons, but simple privacy is a good one)

David