Re: [Sks-devel] disable key receiving


From: Rafael
Subject: Re: [Sks-devel] disable key receiving
Date: Sat, 23 Feb 2013 16:23:00 -0300


> Normally you'd use a certificate authority (CA) for this. Why not set
> up such an entity and sign the user's keys assigning full ownertrust
> to the CA?

We thought about that, but our boss wanted to do it this way... so... no arguing.

> Why not just add it to the reverse proxy that should be in front of
> SKS in the first place?

Actually we have no proxy; we have a regular PC on the web that we need to send and receive a few things, and we will put the SKS together with it since it will not have too much load or access.


2013/2/23 Kristian Fiskerstrand <address@hidden>

On 02/23/2013 05:28 AM, Rafael wrote:
> This is to do some kind of assurance in the key validation to a
> small group of users. For instance, anyone can generate a public
> key with my email address, and if someone gets my email password he
> can send it saying that is me. We want to ensure to this small
> group that those keys really belong to those people,

...

Normally you'd use a certificate authority (CA) for this. Why not set
up such an entity and sign the user's keys assigning full ownertrust
to the CA?

>
> We actually did it. With the "string match" of iptables, we drop
> any request having the string "/pks/add". I think it's not the best
> solution, but it worked for us.

Why not just add it to the reverse proxy that should be in front of
SKS in the first place?

Hth

- --
- ----------------------------
Kristian Fiskerstrand
Twitter: @krifisk
- ----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Fabricando fit faber
Practice makes perfect

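The reverse-proxy approach suggested in the thread, as an added example that is not part of the original messages or of the SKS project's own configuration: an nginx front end that allows key lookups and refuses everything else, including `/pks/add`. It assumes SKS is bound to loopback (`hkp_address: 127.0.0.1` in sksconf); the public address 192.0.2.10, the server name and the log path are placeholders.

```nginx
# Added example, not from the thread. Assumes SKS listens only on
# loopback (sksconf: hkp_address: 127.0.0.1, hkp_port: 11371).
# 192.0.2.10, keys.example.org and the log path are placeholders.
server {
    listen 192.0.2.10:11371;
    server_name keys.example.org;

    # No uploads are accepted, so keep request bodies small.
    client_max_body_size 8k;

    # Read-only HKP: key search and retrieval.
    location = /pks/lookup {
        # Only GET (and HEAD, which nginx allows with GET) reaches SKS.
        limit_except GET {
            deny all;
        }
        proxy_pass http://127.0.0.1:11371;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }

    # Key submission: refused with an explicit 403 and logged on its own,
    # so rejected upload attempts can be reviewed.
    # nginx matches locations against the decoded, normalized request
    # path, so the rule applies to the parsed request rather than to
    # bytes found in a single packet, as the iptables string match does.
    location = /pks/add {
        access_log /var/log/nginx/sks_add_denied.log;
        return 403;
    }

    # Default deny: any path not allowed above never reaches SKS.
    location / {
        return 403;
    }
}
```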