[Sks-devel] Re: details to configure SKS https web interface

[Gab]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

David Shaw wrote:
> On Mar 8, 2009, at 3:13 AM, Kiss Gabor (Bitman) wrote:
> 
>> On Sat, 7 Mar 2009, Daniel Kahn Gillmor wrote:
>>> On 03/07/2009 03:03 PM, Joseph Oreste Bruni wrote:
>>>> On Mar 7, 2009, at 8:11 AM, Gab wrote:
>>>>> I wish to in https ssl the sks web interface .
>>>>> What are the directives for cert.pem and key.pem and to enable ssl ?
>>>>
>>>> I don't believe that the built-in web server supports SSL. However, you
>>>> could front-end SKS with Apache configured as a proxy.
>>
>>> We chose to listen on port 443 so people could browse to it with
>>> https://zimmermann.mayfirst.org/  (the X.509 certificate offered here is
>>> signed by a private certificate authority [0], which i have also
>>> signed, if you care to certify it)
>>
>> Folks,
>>
>> I wonder what is the advantage of SSL in case of key servers?
>>
>> The information transferred is not secret therefore no need of
>> encryption.
> 
> This is true, but that does not mean it isn't private.  Without SSL,
> someone could sniff on the wire and find out what key you were requesting.
> 
> (There are other reasons, but simple privacy is a good one)
> 
> David
> 
> 
> 
What gabor says is true in part , but is best to make sure no one sniff
your key activities and open the possibility of a pgpkeyspoof and as
like threats ... IMO :).
Gab

- --
sec   1024D/BC4F9423 2008-12-05
      Key fingerprint = 36C6 E257 2801 46E7 69A7  8721 F502 1342 BC4F 9423
uid                  Gabriele XXX (Mail Account Autistici)
<address@hidden>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREKAAYFAkm6A0oACgkQ9QITQrxPlCO/NACg5QCBIPlHYQUJUZokcOwEff2C
a0cAoIkBUESh7HtT2AldQRj2lZa0lOXf
=uZAo
-----END PGP SIGNATURE-----