|
From: | dirk astrath |
Subject: | Re: [Sks-devel] Fwd: Re: Unde(r)served HKPS [was: Underserved areas?] |
Date: | Sun, 14 Jan 2018 09:38:48 +0000 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 |
Hello,
For your Keyserver you can use a Certificate issues by any CA as long as it should not contain one of the pool names. On my server I decided to use Let's Encrypt.You can of course but certificate validation will fail if the user comes to you through the pool hostname. It's ugly, impolite and just rude to confront the user with such a message. And a web-of-trust that greets it's users with a this-site-is-not-trusted message ist just stupid.
Wrong.If you use SNI, you can serve the LE-certificate for your server-name(s) and the "Kristian-CA" for the poolserver-name(s).
Kind regards, dirk
[Prev in Thread] | Current Thread | [Next in Thread] |