[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] Dirmngr now supports hkps
From: |
Kristian Fiskerstrand |
Subject: |
Re: [Sks-devel] Dirmngr now supports hkps |
Date: |
Thu, 15 May 2014 17:50:17 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 05/15/2014 12:07 PM, Werner Koch wrote:
> Hi,
>
> thanks for the comments. To get things straight, let me summarize
> my understanding:
>
> For plain HTTP:
>
> - No change to the current code
>
> or
>
> - Resolve the name while following CNAME records to get a list of
> IP addresses. Then connect any server at its IP address but use
> the canonical name of the pool (the one which yields the AAAA
> records) for the Host: header.
>
>
> For HTTPS:
>
> - Resolve the name while following CNAME records to get a list of
> IP addresses. Then connect any server at its IP address but use
> the canonical name of the pool (the one which yields the AAAA
> records) for the Host: header. Use that host: Header name also for
> SNI.
>
>
> In all cases make this the default behaviour if the hkp or the hkps
> is used for the keyserver URL. If http or https is used, do the
> same or use a different approach (e.g. let the DNS resolver
> decide)?
I'd expect the same issues wrt Host: (for virtual hosting sites) for
http and https, as well as SNI for the latter for these protocols as
for hkp(s). The rest sounds good to me.
>
> Use of SRV records is subject to bug 1447 and will be fixed in a
> second step?
This is indeed currently disabled in the pool so it won't create an
issue in the short term and can be postponed to get a working beta out
from my point of view.
- --
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
"We can only see a short distance ahead, but we can see plenty there
that needs to be done."
(Alan Turing)
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJTdOI1AAoJEPw7F94F4Tag0QEQAIwVRNXzYzEwR54Ca1rzaEQA
WsmiMuavhUftBo0af5KxsBizbE2fUbl6atUTOUUJVA5ySIPi9qNrGHPgxu2Ut8V3
Z9m8YJSIGKwc1R2eK3ix0W5UF1bD1pEd8TgAkX79LzqgCGFwuqFBoLBU+iEFD4Vb
puUAdik9UwhkECESW91L6B751v4sUNJulaQGQGmI5FodOfHCow2LaT+rDJ7QhjJa
oyG2cTblq+sy44Sk4/Bhq/2xiZVBXwhGLWl4Stx69LGi2g5qLT+G5loLGTTEqEcn
BsR3uYACa6GKK+TvXJGifBLa9EkcmcfMdienQbfbWutbDuwosq3rY2YBTcPOa+Oc
llqWzD5FNhaRdGojW3LMU4+l2WY3znQsv8jY0I88MDzEnU/prQzZ5s5PB5QS74oC
NRh2GW4dw1DNqBt6/DFLJy7VlA7s9pLrXZbh8vY2iH2ySsMVuOhX9OYFcqljROmr
zG2up5y+X9v5GNpIoejKLpdlVGDiA+3Y1n4OGPQ6whvI8ZvyEg4t+bhAzMxN3Zgh
fLhm5BwmYTvQ45hO+OEjHKd3ugOrM8ZrYe1hQogsKg43Cyj7vRTeXCJRdeywyACS
vKS3lZE/Wu6JhwPbCOz8yp49iIYyrrHK4sXoMZBOZZ9DIybvIX1/LpsEOpPOVpeg
vjjDhvi+DxbOzU12/FZp
=hzwA
-----END PGP SIGNATURE-----
- Re: [Sks-devel] Changes to sks-keyservers.net pools, (continued)
- Re: [Sks-devel] Changes to sks-keyservers.net pools, Daniel Austin, 2014/05/06
- Message not available
- Message not available
- Message not available
- Re: [Sks-devel] Dirmngr now supports hkps, Kristian Fiskerstrand, 2014/05/07
- Re: [Sks-devel] Dirmngr now supports hkps, Werner Koch, 2014/05/07
- Re: [Sks-devel] Dirmngr now supports hkps, Kristian Fiskerstrand, 2014/05/07
- Re: [Sks-devel] Dirmngr now supports hkps, Phil Pennock, 2014/05/08
- Re: [Sks-devel] Dirmngr now supports hkps, James Cloos, 2014/05/08
- Re: [Sks-devel] Dirmngr now supports hkps, Werner Koch, 2014/05/15
- Re: [Sks-devel] Dirmngr now supports hkps, Werner Koch, 2014/05/19
- Re: [Sks-devel] Dirmngr now supports hkps, Daniel Kahn Gillmor, 2014/05/09
- Re: [Sks-devel] Dirmngr now supports hkps, Werner Koch, 2014/05/15
- Re: [Sks-devel] Dirmngr now supports hkps,
Kristian Fiskerstrand <=