From: dirk astrath
Subject: Re: [Sks-devel] Heartbleed ans HKPS pool
Date: Wed, 28 May 2014 11:05:04 +0000
User-agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Thunderbird/24.0
Hello Kristian,
I hardly think that *any* client has the CA of sks installed per default (nor would an average client care to).
it is part of gnupg 2.1 [0]
hm ... even if gnupg 2.1 will check the CRL (i assume, you don't (plan to) run an OCSP-server) ...
when i access the keyserver-pool using my browser to have an encrypted channel to search/upload/... keys, the revocation-status of a certificate should be checked.
currently (without the CRL) the expiration date is the only way my browser knows that the certificate is no longer valid.
... and ... yes ... gnupg 2.1 is not "every client" ... ;-)
have a nice day ...