Re: [Sks-devel] sks-keyservers.net New HKPS subpool added

sks-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] sks-keyservers.net New HKPS subpool added

From:	Phil Pennock
Subject:	Re: [Sks-devel] sks-keyservers.net New HKPS subpool added
Date:	Mon, 8 Oct 2012 14:08:52 -0700

On 2012-10-08 at 23:01 +0200, Kristian Fiskerstrand wrote:
> That seems like another bug to add to the SRV port not being used for
> SRV handling. Are you sending it over to gnupg-{users,devel}?

I just filed a bug:

  https://bugs.g10code.com/gnupg/issue1447

> I'll have to remove the SRV record for keys.kfwebs.net for the pool to
> function correctly at the moment, as this is not handled. But that bug
> has already been reported upstream.
> 
> Any thoughts on how I should proceed? Should I disable the cert check in
> my crawler so that all hkps servers show up for now until some more of
> the server operators (presuming they want to) generate CSRs, or, given
> the young nature of this pool, would it be OK to just grow organically?

I think we should leave the cert check in, _if_ you can ensure that
you're sending SNI of "hkps.sks-keyservers.net", to retrieve the correct
cert from the server.

Then let it grow, and note that this pool is only going to be usable
with bug-fixed GnuPG.

-Phil

pgpYAoTHKE1js.pgp
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Sks-devel] sks-keyservers.net New HKPS subpool added, (continued)

Prev by Date: Re: [Sks-devel] sks-keyservers.net New HKPS subpool added
Next by Date: Re: [Sks-devel] sks-keyservers.net New HKPS subpool added
Previous by thread: Re: [Sks-devel] sks-keyservers.net New HKPS subpool added
Next by thread: Re: [Sks-devel] sks-keyservers.net New HKPS subpool added
Index(es):
- Date
- Thread