Re: [Sks-devel] sks-keyservers.net New HKPS subpool added
From: Kristian Fiskerstrand
Subject: Re: [Sks-devel] sks-keyservers.net New HKPS subpool added
Date: Mon, 08 Oct 2012 19:44:18 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:15.0) Gecko/20120912 Thunderbird/15.0.1
On 10/07/2012 03:18 AM, Phil Pennock wrote:
> On 2012-10-06 at 11:12 +0200, Stephan Seitz wrote:
>> I'd like to add ssl to my server, but prior I'm afraid I need a few
>> questions answered.
>> If I'm going to install a self-signed *.pool.sks-keyservers.net, that
>> CRT wouldn't have any reputation. As long as there's no additional trust
>> added (e.g. via monkeysphere), one main purpose of certificates, the
>> knowledge of talking to the right server, isn't given.
>
> I think that self-signed is out. But if the pool server operator issues
> certs, given a CSR from you, then all certs are valid given a trust in
> the CA which is the pool server operator.
>
> If Kristian decides that he wants to take on this work, and figure out a
> safe way of managing key storage, then we can talk to the GnuPG folks
> about getting his private CA cert (created for this) shipped with GnuPG
> as an additional trust anchor. It doesn't need to be a system cert,
> just something which that application uses.
>
Ok, I think I'm getting closer to having a working setup for a CA here
using subjectAltNames for hkps.pool.sks-keyservers.net.
The current CA cert is available at [0] and I only currently sign
https://keys.kfwebs.net:11375 and https://keys2.kfwebs.net.
Anyone up for some testing?
[0] https://sks-keyservers.net/sks-keyservers.netCA.pem
--
----------------------------
Kristian Fiskerstrand
http://www.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Nulla regula sine exceptione
No rule without exception
----------------------------
This email was digitally signed using the OpenPGP
standard. If you want to read more about this
The book: Sending Emails - The Safe Way: An
introduction to OpenPGP security is
available in both Amazon Kindle and Paperback
format at
http://www.amazon.com/dp/B006RSG1S4/
----------------------------
Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/
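
The workflow discussed in this thread (the pool operator signs a server's CSR and adds the pool name as a subjectAltName, and the client trusts only that private CA), as an added example that is not part of the original message or the pool's actual setup. The file names, function names and the `keys.example.org` host are assumptions, and all keys are throwaway.

```shell
#!/bin/sh
# Added example: throwaway keys and constructed names, not the real pool CA.
POOL_NAME="hkps.pool.sks-keyservers.net"

# Pool operator: create a private CA in directory $1.
make_pool_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example pool CA (constructed)" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# Server operator: key pair plus CSR for the server's own name ($2).
make_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
}

# Pool operator: sign the CSR; the SANs are set by the CA, not taken from the CSR.
sign_csr() {
    printf 'subjectAltName=DNS:%s,DNS:%s\n' "$POOL_NAME" "$2" > "$1/san.ext"
    openssl x509 -req -in "$1/server.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -extfile "$1/san.ext" \
        -out "$1/server.pem" 2>/dev/null
}

# Client: accept the cert only if it chains to the pool CA and covers name $2.
# -no-CApath keeps the system trust directory out of the decision.
check_cert() {
    openssl verify -no-CApath -CAfile "$1/ca.pem" -verify_hostname "$2" \
        "$1/server.pem" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_pool_ca "$d" && make_csr "$d" keys.example.org &&
        sign_csr "$d" keys.example.org || return 1
    for name in "$POOL_NAME" keys.example.org other.example.net; do
        if check_cert "$d" "$name"; then echo "accept $name"
        else echo "reject $name"; fi
    done
    rm -rf "$d"
}
demo
```

A certificate self-signed by the server operator fails the same `check_cert` call, because it does not chain to the CA file the client was given.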