[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] Implications of GDPR
|
From: |
Kristian Fiskerstrand |
|
Subject: |
Re: [Sks-devel] Implications of GDPR |
|
Date: |
Mon, 30 Apr 2018 14:12:55 +0200 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0 |
On 04/30/2018 01:59 PM, Andrew Gallagher wrote:
> Certificate validation may also be an issue, because many HTTPS pool
> members only have the pool SSL certificate - which won't validate in the
> normal manner when bypassing the pool round-robin.
The certs includes CN and SANs for the keyserver, so it could still be
used in this scenario, actually. The SNI setups I've seen with deviating
handling use e.g letsencrypt cert when doing direct keyserver request,
but that would still validate.
But you'd potentially also have issues with keydumps as well as split
pools serving different keyblocks depending on which server you hit - so
I believe the underlying question is more complex than just throwing
https on it, although it is certainly possible to do so.
Immediately it sounds like just increasing the overhead without much
value added though (the data is public anyways), but the whole GDPR is a
mess to begin with.
--
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"Expect the best. Prepare for the worst. Capitalize on what comes."
(Zig Ziglar)
signature.asc
Description: OpenPGP digital signature