Re: [Sks-devel] Status flags are red

sks-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] Status flags are red

From:	Daniel Kahn Gillmor
Subject:	Re: [Sks-devel] Status flags are red
Date:	Tue, 29 Oct 2013 12:54:30 -0400
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Icedove/24.0

On 10/28/2013 08:22 PM, Jeremy T. Bouse wrote:

I use StartCom for my SSL CA provider and they allow SANs to be added
for SNI.

I don't think that startcom is an appropriate CA for the currenthkps.pool.sks-keyservers.net. In the current setup, anyone who hasconfigured "keyserver hkps://hkps.pool.sks-keyservers.net" also has"keyserver-options ca-cert-file /some/path/to/sks-keyservers.netCA.pem"(this CA certificate (operated by kristian) can be found via theinstructions at https://sks-keyservers.net/overview-of-pools.php#pool_hkps).

if some of the members of the hkps pool are certified by startcom, andothers are certified by kristian's CA, (and others are certified bystill other CAs?) then people using the pool have to acceptcertifications by more than one CA. Each additional CA we add meansexisting setups need to be reconfigured.


        --dkg

[Prev in Thread]

Current Thread

[Next in Thread]

[Sks-devel] Status flags are red, Kiss Gabor (Bitman), 2013/10/28
- Re: [Sks-devel] Status flags are red, Kristian Fiskerstrand, 2013/10/28
  - Re: [Sks-devel] Status flags are red, Kiss Gabor (Bitman), 2013/10/28
  - Re: [Sks-devel] Status flags are red, Jeremy T. Bouse, 2013/10/28
    - Re: [Sks-devel] Status flags are red, Daniel Kahn Gillmor <=

Prev by Date: [Sks-devel] MD5 hash generation/verify of a public key
Next by Date: Re: [Sks-devel] MD5 hash generation/verify of a public key
Previous by thread: Re: [Sks-devel] Status flags are red
Next by thread: [Sks-devel] reverse proxies and the pool
Index(es):
- Date
- Thread