[Sks-devel] Joining hkps.pool.sks-keyservers.net
From: William Hay
Subject: [Sks-devel] Joining hkps.pool.sks-keyservers.net
Date: Mon, 21 Sep 2015 17:02:41 +0100
User-agent: Mutt/1.5.23 (2014-03-12)

So having acquired a whole bunch of peers for my keyserver I'm now thinking
about adding hkps support and becoming part of hkps.pool.sks-servers.net. I've
got a couple of queries though.

1. I'll probably want to share the port 443 with other sites. Can one assume
that SNI is supported by hkps clients or is there another mechanism recommended
for hkps sharing a port?

2. Presumably I need to create a CSR for hkps.pool.sks-servers.net rather than
my own server name since that is what people will be trying to connect to. Is
there any preference with regard to SubjectAltName vs CommonName or both? The
modern practice seems to be to use SubjectAltName but backward compatibility
seems to be an important part of the keyserver world.

3. Are there any conventions regarding what should go into other fields of the
DN when creating one's CSR?

4. Assuming I want to turn on HSTS I presumably need to install and configure
sslh to front port 443. Anything else that might catch me out?

William