Re: [Sks-devel] sks-keyservers.net New HKPS subpool added

[Kristian Fiskerstrand]

On 10/08/2012 11:01 PM, Kristian Fiskerstrand wrote:
> On 10/08/2012 10:49 PM, Phil Pennock wrote:
>> On 2012-10-08 at 22:12 +0200, Kristian Fiskerstrand wrote:
>>> Lovely! Must admit my setup is a tad more plain than that (just using
>>> nginx in front of SKS) :) Will be interesting to see how that goes.
>>
>> Mine too.
> 
> ...
> 
>>
>> So, assuming that GnuPG is also doing the right thing with SRV-based
>> lookups, I think that the certificate side of things is working.
>>
> 
> At least that is a good thing in all this :)
> 
>> Unfortunately, with an https: keyserver, GnuPG is sending a request for
>> "/" instead of "/pks/lookup?..." :(
>>
>> If I do:
>> % unbound-control local_data
>> % _pgpkey-https._tcp.hkps.pool.sks-keyservers.net SRV 10 10 443 
>> sks.spodhuis.org
>> ok
>>
>> and specify "keyserver hkps://hkps.pool.sks-keyservers.net" in
>> ~/.gnupg/gpg.conf, then I find that GnuPG has a security bug!
>>
> 

Just a point I forgot in my latest email. I'm checking port 443 by
default if there is no SRV record. So you should be able to just remove
this in your setup.


-- 
----------------------------
Kristian Fiskerstrand
http://www.sumptuouscapital.com
Twitter: @krifisk
----------------------------
"Great things are not accomplished by those who yield to trends and fads
and popular opinion."
(Jack Kerouac)
----------------------------
This email was digitally signed using the OpenPGP
standard. If you want to read more about this
The book: Sending Emails - The Safe Way: An
introduction to OpenPGP security is
available in both Amazon Kindle and Paperback
format at
http://www.amazon.com/dp/B006RSG1S4/
----------------------------
Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/

signature.asc
Description: OpenPGP digital signature