Re: [Sks-devel] seeking peers for

From: David Shaw
Subject: Re: [Sks-devel] seeking peers for
Date: Tue, 7 Sep 2010 11:01:14 -0400

On Sep 7, 2010, at 3:21 AM, Gaudenz Steinlin wrote:

> Excerpts from Phil Pennock's message of Die Sep 07 03:26:37 +0200 2010:
>> On 2010-09-06 at 21:03 +0200, Gaudenz Steinlin wrote:
>>> I would be interested to build up a pool of TLS enabled SKS servers
>>> with others. To my knowledge there are currently only two other such
>>> servers ( and The main
>>> problem to solve for this is how to issue certificates for the servers
>>> belonging to the pool. Do others have any ideas on this? 
>> This came up before.  The client needs to support SNI and you need your
>> web-server to support SNI, so that it can issue different certificates
>> for different pools.  Then each pool which issues certificates can issue
>> one to each member of the pool and there is free competition between
>> pools.
> This sounds fairly complicated. I would be perfectly happy to just
> have one pool for TLS as a starting point. This would not need any
> SNI. Each server's hostname could be added as a subject alt name to the
> pool certificate. 
> OTOH it seems that curl already supports SNI. Does this work together
> with gnupg-curl?

If libcurl and whatever underlying SSL library it is built with both support 
SNI, then the hkps code in GnuPG supports SNI.  Those are two ifs, though.
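
Added example (not part of this message, and not GnuPG or SKS code): a small Python model of the two certificate layouts discussed in this thread, showing which client/server combinations pass hostname verification. It models only certificate selection and name matching, not a real TLS handshake; every hostname is a constructed placeholder, and putting the pool name itself on the single-pool certificate is an assumption.

```python
# Model of certificate selection and hostname verification (no real TLS).
# All hostnames below are constructed placeholders.

def name_matches(pattern, host):
    """RFC 6125-style match: exact, or '*' as the entire left-most label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Wildcard covers exactly one label and needs two fixed labels after it.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_valid_for(cert_sans, host):
    """True if any subjectAltName dNSName on the certificate covers host."""
    return any(name_matches(san, host) for san in cert_sans)

class Server:
    def __init__(self, certs, default):
        self.certs = certs      # label -> list of SAN dNSNames
        self.default = default  # label of the cert used when no SNI is sent

    def select_cert(self, sni):
        """Return the cert covering the SNI name, else the default cert."""
        if sni is not None:
            for sans in self.certs.values():
                if cert_valid_for(sans, sni):
                    return sans
        return self.certs[self.default]

def handshake_ok(server, requested_host, client_sends_sni):
    """Client verifies the presented cert against the name it asked for."""
    sni = requested_host if client_sends_sni else None
    return cert_valid_for(server.select_cert(sni), requested_host)

# Layout 1: one key server in two pools, each pool issuing its own certificate.
TWO_POOLS = Server({"a": ["hkps.pool-a.example"],
                    "b": ["hkps.pool-b.example"]}, default="a")

# Layout 2: a single pool certificate listing the pool name and member names.
ONE_POOL = Server({"pool": ["hkps.pool.example", "keys1.example",
                            "keys2.example"]}, default="pool")

if __name__ == "__main__":
    for sni in (True, False):
        print("two pools, pool-b, SNI=%s:" % sni,
              handshake_ok(TWO_POOLS, "hkps.pool-b.example", sni))
    print("one pool, no SNI:", handshake_ok(ONE_POOL, "keys2.example", False))
```

In the two-pool layout a client that sends no SNI only ever sees the default certificate, so a request for the second pool fails verification; the single shared certificate verifies with or without SNI.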

