Re: [Sks-devel] sks-keyservers.net New HKPS subpool added


From: Daniel Kahn Gillmor
Subject: Re: [Sks-devel] sks-keyservers.net New HKPS subpool added
Date: Sat, 06 Oct 2012 02:28:11 -0400
User-agent: Mozilla/5.0 (X11; Linux i686; rv:10.0.7) Gecko/20120922 Icedove/10.0.7

On 10/05/2012 06:23 PM, Phil Pennock wrote:
> Speaking for myself, I only use TLSv1+ and my nginx is built with SNI
> support, so if you want to figure out a policy for handing out certs, I
> can add a new cert for SNI hostnames in *.pool.sks-keyservers.net.

alternately (or in addition?), we could use monkeysphere and the hkpms
gpg keyserver handler, which would let us trivially add extra hostnames
to each keyserver's certificate (an OpenPGP certificate, not X.509).

Those of us who run servers in the pool or who are interested in keeping
track of the players here could cross-verify each other's certificates,
and end users who know or are willing to rely on us could verify them
that way, while setting

   keyserver hkpms://hkps.pool.sks-keyservers.net

in ~/.gnupg/gpg.conf.

I'm happy to help people walk through those steps if they want, and if
people think that's a reasonable idea.

if people don't think it's a reasonable idea, i'd be interested to hear
the reasons for that too.

thanks for setting up the pool, kristian!

        --dkg

Attachment: signature.asc
Description: OpenPGP digital signature

