Re: [Sks-devel] Changes to sks-keyservers.net pools
From: Jeremy T. Bouse
Subject: Re: [Sks-devel] Changes to sks-keyservers.net pools
Date: Sun, 11 May 2014 19:34:37 -0400
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Icedove/24.4.0

On 05/11/2014 05:18 PM, Kristian Fiskerstrand wrote:
> On 05/11/2014 10:43 PM, Kristian Fiskerstrand wrote:
>> On 05/06/2014 02:55 PM, Jeremy T. Bouse wrote:
>>> On 05/06/2014 05:08 AM, Kristian Fiskerstrand wrote:
>>>> Dear lists,
>>>>
>>>> Following the release of SKS 1.1.5[0] the following changes
>>>> will be made to the pools of sks-keyservers.net
>>>>
>>>> subset.pool.sks-keyservers.net has been set to a minimum
>>>> requirement of SKS 1.1.5 with immediate effect.
>>>>
>>>> Due to CVE-2014-3207[1] I want to bump
>>>> hkps.pool.sks-keyservers.net to a requirement of 1.1.5 as this
>>>> can potentially be in another security context / zone, however
>>>> I'm giving this a grace period of (at least) 45-60 days to
>>>> allow server administrators to upgrade their servers.
>>
>> In recognition of package-maintainers backporting the security
>> fixes to older versions of SKS for stable systems I'm revising the
>> latter statement a bit. I have now implemented a test for affected
>> servers instead of relying on the version information. This is
>> currently active, and non-patched servers in the HKPS pool should
>> now show up with an orange flag for the HKPS column.
>>
>
> Adding to that, this would also keep servers that are protected due to
> the reverse proxy configuration remaining.
>
So where are the details on how the reverse proxy can be reconfigured
to mitigate this issue until sks is upgraded? Assuming I'm understanding
your statement correctly.