Re: [Sks-devel] sks-keyservers.net New HKPS subpool added

sks-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] sks-keyservers.net New HKPS subpool added

From:	Stephan Seitz
Subject:	Re: [Sks-devel] sks-keyservers.net New HKPS subpool added
Date:	Mon, 08 Oct 2012 23:32:01 +0200


Am Montag, den 08.10.2012, 23:09 +0200 schrieb Kristian Fiskerstrand:

> > 
> >> I already use namebased vhosts (thank's for your explanation of TLS,
> >> phil), so I could configure two proxies which are identical despite the
> >> hostname and the certificates. That way, I would use two different
> >> keys / crts without the need for subjectAltName.
> >>
> > 
> > Again, yup
> > 
> 
> Agreed too quickly there, you'll still need to generate a new CSR from
> your private key that I can sign, where I'll add a subjectAltName, but
> in that setup only the subjectAltName will ever be used, as the primary
> host will be handled by your setup and different cert.

Ah, I see. So I'm going to send you a csr in a few minutes ;)

Just to get it right,
        dig +short A hkps.pool.sks-keyservers.net
shows some pool IP's, tho the expected servername is
hkps.pool.sks-keyservers.net

        dig +short srv _pgpkey-https._tcp.hkps.pool.sks-keyservers.net
shows redirections to other servers, so clients doing a srv query are
expecting the redirected hostname.

signature.asc
Description: This is a digitally signed message part

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Sks-devel] sks-keyservers.net New HKPS subpool added, (continued)

Prev by Date: Re: [Sks-devel] sks-keyservers.net New HKPS subpool added
Next by Date: Re: [Sks-devel] sks-keyservers.net New HKPS subpool added
Previous by thread: Re: [Sks-devel] sks-keyservers.net New HKPS subpool added
Next by thread: Re: [Sks-devel] sks-keyservers.net New HKPS subpool added
Index(es):
- Date
- Thread