[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] Heartbleed ans HKPS pool
From: |
Kristian Fiskerstrand |
Subject: |
Re: [Sks-devel] Heartbleed ans HKPS pool |
Date: |
Wed, 28 May 2014 14:09:54 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 05/28/2014 01:05 PM, dirk astrath wrote:
> Hello Kristian,
>
>>> I hardly think that *any* client has the CA of sks installed
>>> per default (nor would an average client care to).
>> it is part of gnupg 2.1 [0]
>
> hm ... even if gnugpg 2.1 will check the CRL (i assume, you don't
> (plan to) run an OCSP-server) ...
>
> when i access the keyserver-pool using my browser to have an
> encrypted channel to search/upload/... keys, the revocation-status
> of a certificate should be checked.
>
> currently (without the CRL) the expiration date is the only way my
> browser knows, that the certficate is no longer valid.
>
> ... and ... yes ... gnug 2.1 is not "every client" ... ;-)
>
> have a nice day ...
>
The CRL is published on [0] as stated on [1]. You are correct that for
a few of the later certs no CRL has been published along the cert (mea
cupla - I made in my config file). However if you see e.g [2] the CRL
distribution point is back in the certs.
References:
[0] https://sks-keyservers.net/ca/crl.pem
[1] https://sks-keyservers.net/overview-of-pools.php
[2] https://keys.digitalis.org/
- --
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Testis unus, testis nullus
A single witness is no witness
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJThdIOAAoJEPw7F94F4TagCu4P/1BXlwftSFlH+IHi0F3oCPTP
Ez+mmNZXViJXP7y9SVZAze1NfMy8XqbDSaLblDDLu+GeJ0ejYXBstRAMFb2imPER
7wVM3Ql9l6G1GDC6mmIGEFvzbyH5jo4gGivDgPySWgmstNo8uoGAOcCNHq5i4LjR
F+i4t4z1Sa+fa0HZ5tqFtdRo+vVreoSP4xgsK7jIho9uGgb+XBm9ndJC91IlC4YC
p3YVyNG+Co1BQGRnmybh9OBV/gcoScL/13XZB/RhF58DPfN9KJXp0+u1YDZGOHvH
tyKD2xBsQcDnw7ME/JYrEjR3GHv15w9BRHUy3045I8BonYHQNX8lpOo17j6QzpZi
eaMF8B1GEgyn+NBfGLaeEIU+kDiCDDhKoZep0y3kJn7XSzsfThrAjq0ygH02b3WM
lrF1HKSvAhzA+l21rnbuQUwjM+EHQa28ytfxdCoZ0wqs+SHyO111fGVH9+X1WTu6
VyOQZLA8H9bqQm6jlJdxcX16Jo/tyMZJ61d/TRoII7bqK0mE5tvUiD4Wvn9qR5pt
0U+2csTC5/Vly0FF6iN6a3IgtyM8/+9XiS9PWVAvt8b6SGgE6jUyTbtJcR4oi+Mv
d3R5xUkIfx6dgeYB2Se0NRZI1lJeoCq4QXzmF1L+o1NDriFsIFReMqmZPuuQKknP
I8Bt3mY9SzD7tRWOC0nE
=U8KQ
-----END PGP SIGNATURE-----
Re: [Sks-devel] Heartbleed ans HKPS pool, dirk astrath, 2014/05/27
- Re: [Sks-devel] Heartbleed ans HKPS pool, Christian, 2014/05/28
- Re: [Sks-devel] Heartbleed ans HKPS pool, Kristian Fiskerstrand, 2014/05/28
- Re: [Sks-devel] Heartbleed ans HKPS pool, Christian Reiß, 2014/05/28
- Re: [Sks-devel] Heartbleed ans HKPS pool, dirk astrath, 2014/05/28
- Re: [Sks-devel] Heartbleed ans HKPS pool,
Kristian Fiskerstrand <=
- Re: [Sks-devel] Heartbleed ans HKPS pool, dirk astrath, 2014/05/28