sks-devel
Re: [Sks-devel] seeking peers for keyserver.durcheinandertal.ch


From: Kristian Fiskerstrand
Subject: Re: [Sks-devel] seeking peers for keyserver.durcheinandertal.ch
Date: Tue, 07 Sep 2010 17:19:42 +0200
User-agent: Thunderbird 2.0.0.12 (X11/20080305)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Gaudenz Steinlin wrote, On 09/07/2010 09:21 AM:
> Excerpts from Phil Pennock's message of Die Sep 07 03:26:37 +0200 2010:
>> On 2010-09-06 at 21:03 +0200, Gaudenz Steinlin wrote:
>>> I would be interested to build up a pool of TLS enabled SKS servers
>>> with others. To my knowledge there are currently only two other such
>>> servers (zimmermann.mayfirst.org and keys.indymedia.org). The main
>>> problem to solve for this is how to issue certificates for the servers
>>> belonging to the pool. Do others have any ideas on this? 
>> This came up before.  The client needs to support SNI and you need your
>> web-server to support SNI, so that it can issue different certificates
>> for different pools.  Then each pool which issues certificates can issue
>> one to each member of the pool and there is free competition between
>> pools.
> 
> This sounds fairly complicated. I would be perfectly happy to just
> have one pool for TLS as a starting point. This would not need any
> SNI. Each server's hostname could be added as a subject alt name to the
> pool certificate. 
> 
> OTOH it seems that curl already supports SNI. Does this work together
> with gnupg-curl?
> 
>> After that, you "just" sort out a CA, the software to build the pool and
>> find a group of people willing to go along with each installing an extra
>> certificate to be used when accessed via that pool's service
>> hostname.
> 
> Is anyone willing to try to set up an experimental pool? Would it be
> possible to set up tls.pool.sks-keyservers.net (or similar) for this or
> should this be done outside of sks-keyservers.net during the
> experimental phase?

Good evening,

I will add this to my todo-list and have a look at it as soon as time
permits.

- --
- ----------------------------
Kristian Fiskerstrand
http://www.sumptuouscapital.com
- ----------------------------
Veni, vidi, vacatum
I came, I saw, I left
- ----------------------------
This email was digitally signed using the OpenPGP
standard. If you want to read more about this, visit:
http://www.secure-my-email.com
- ----------------------------
Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (GNU/Linux)
-----END PGP SIGNATURE-----


