Re: [Sks-devel] Heartbleed ans HKPS pool
From: Kristian Fiskerstrand
Subject: Re: [Sks-devel] Heartbleed ans HKPS pool
Date: Wed, 28 May 2014 12:11:08 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0
On 05/28/2014 08:30 AM, Christian wrote:
> Hey,
>
> and while we are on the subject: If I install my Class 2 (!) OV
> Certificate from startssl the hkps button changes red. A valid
> certificate is not valid. I can understand that self-signed
> certificates will turn the hkps indicator red, but why don't we
> accept OV certificates that every client will accept in the first
> place?
They will not be able to issue a certificate related to
hkps.pool.sks-keyservers.net as CN or subjectAltName, i.e. the
validation on a pool would fail.
>
> I hardly think that *any* client has the CA of sks installed per
> default (nor would an average client care to).
It is part of GnuPG 2.1 [0].
>
> And the validation of sks CA is the same as a Class 1 DV
> certificate.
>
>
> tl;dr: We should allow valid signed certificates by default,
> alongside of the SKS CA and only turn the button red on self-signed
> (or invalids).
>
Users are free to choose any server they want.
References
[0] http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=dirmngr/sks-keyservers.netCA.pem;h=24a2ad2e8e39498b4842bd31689f230148d08693;hb=refs/heads/master
--
----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Ubi mel ibi apes
Where there's honey, there are bees
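
The hostname check behind the reply above, as an added example that is not part of the original message or of any SKS or GnuPG code: a client that connects by the pool name requires the certificate to name the pool, whoever issued it. The certificates are constructed dicts in the shape returned by Python's `ssl.SSLSocket.getpeercert()`, and `keys.example.org` is a hypothetical pool member.

```python
# Added example: hostname check a TLS client applies when it connects by the pool name.
# Both certificates below are constructed samples, not real ones.

POOL_NAME = "hkps.pool.sks-keyservers.net"  # name taken from the message above


def dns_names(cert):
    """Return DNS subjectAltName entries, falling back to the CN if there are none."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def label_match(pattern, host):
    """RFC 6125-style match: '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse wildcards directly under a top-level label, e.g. "*.net".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def cert_valid_for(cert, requested_host):
    """True if any name in the certificate covers the host the client asked for."""
    return any(label_match(n, requested_host) for n in dns_names(cert))


# Constructed: certificate naming only the operator's own (hypothetical) host.
own_host_cert = {
    "subject": ((("commonName", "keys.example.org"),),),
    "subjectAltName": (("DNS", "keys.example.org"), ("DNS", "www.keys.example.org")),
}
# Constructed: certificate that also names the pool.
pool_cert = {
    "subject": ((("commonName", POOL_NAME),),),
    "subjectAltName": (("DNS", POOL_NAME), ("DNS", "keys.example.org")),
}

if __name__ == "__main__":
    for label, cert in (("own-host cert", own_host_cert), ("pool cert", pool_cert)):
        for host in ("keys.example.org", POOL_NAME):
            print(f"{label:14} requested as {host:30} -> {cert_valid_for(cert, host)}")
```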