
Re: [Sks-devel] Changes to sks-keyservers.net pools


From: Kristian Fiskerstrand
Subject: Re: [Sks-devel] Changes to sks-keyservers.net pools
Date: Sun, 15 Jun 2014 00:19:16 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0


On 05/11/2014 11:18 PM, Kristian Fiskerstrand wrote:
> On 05/11/2014 10:43 PM, Kristian Fiskerstrand wrote:
>> On 05/06/2014 02:55 PM, Jeremy T. Bouse wrote:
>>> On 05/06/2014 05:08 AM, Kristian Fiskerstrand wrote:
>>>> Dear lists,
>>>> 
>>>> Following the release of SKS 1.1.5[0] the following changes 
>>>> will be made to the pools of sks-keyservers.net
>>>> 
>>>> subset.pool.sks-keyservers.net has been set to a minimum 
>>>> requirement of SKS 1.1.5 with immediate effect.
>>>> 
>>>> Due to CVE-2014-3207[1] I want to bump 
>>>> hkps.pool.sks-keyservers.net to a requirement of 1.1.5 as
>>>> this can potentially be in another security context / zone,
>>>> however I'm giving this a grace period of (at least) 45-60
>>>> days to allow server administrators to upgrade their
>>>> servers.
> 
>> In recognition of package-maintainers backporting the security 
>> fixes to older versions of SKS for stable systems I'm revising
>> the latter statement a bit. I have now implemented a test for
>> affected servers instead of relying on the version information.
>> This is currently active, and non-patched servers in the HKPS
>> pool should now show up with an orange flag for the HKPS column.
> 
> 
> Adding to that, this would also keep servers that are protected due
> to the reverse proxy configuration remaining.

As only one server was left in the HKPS pool that hasn't been updated
to fix this issue (or behind a rprox protecting it for it), the
procedures have now been activated to discard this server.

As of now the HKPS pool should be safe for CVE-2014-3207.

-- 
----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"Excellence is not a singular act but a habit. You are what you do
repeatedly."
(Shaquille O'Neal)


