[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] Dirmngr now supports hkps
From: |
Werner Koch |
Subject: |
Re: [Sks-devel] Dirmngr now supports hkps |
Date: |
Wed, 07 May 2014 20:51:07 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) |
On Wed, 7 May 2014 18:17, address@hidden
said:
> (i) as tmphost is derived from getnameinfo, the PTR record will be
> used. A concrete example would be sks.karotte.org that resolve to
> 176.9.51.79 which has a PTR of alita.karotte.org. However no keyserver
> is configured on [2] as the expected host is [3]. So trying to grab a
> key will fail.
I considered that but first wanted to implement what I think is the
Right Thing; i.e. I assumed properly configured servers and admins with
full access to the DNS zones.
> have an issue in the situation where using the CN directly the server
> might be presenting a self-signed / corporate signed certificate for
> SNI == CN. In this case we will have a server authentication error
Hmmm.
> I strongly suggest using the original hostname provided as SNI when
> performing keyserver lookups, this is also consistent with current
Okay. What about a dirmngr options to enable or disable the use of the
pool name?
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
Re: [Sks-devel] Changes to sks-keyservers.net pools, Dinko Korunic, 2014/05/06
Re: [Sks-devel] Changes to sks-keyservers.net pools, Daniel Austin, 2014/05/06
Message not available
- Message not available
- Message not available
- Re: [Sks-devel] Dirmngr now supports hkps, Kristian Fiskerstrand, 2014/05/07
- Re: [Sks-devel] Dirmngr now supports hkps,
Werner Koch <=
- Re: [Sks-devel] Dirmngr now supports hkps, Kristian Fiskerstrand, 2014/05/07
- Re: [Sks-devel] Dirmngr now supports hkps, Phil Pennock, 2014/05/08
- Re: [Sks-devel] Dirmngr now supports hkps, James Cloos, 2014/05/08
- Re: [Sks-devel] Dirmngr now supports hkps, Werner Koch, 2014/05/15
- Re: [Sks-devel] Dirmngr now supports hkps, Werner Koch, 2014/05/19
Re: [Sks-devel] Dirmngr now supports hkps, Daniel Kahn Gillmor, 2014/05/09
Re: [Sks-devel] Dirmngr now supports hkps, Werner Koch, 2014/05/15
Re: [Sks-devel] Dirmngr now supports hkps, Kristian Fiskerstrand, 2014/05/15