[Sks-devel] Joining hkps.pool.sks-keyservers.net

sks-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Sks-devel] Joining hkps.pool.sks-keyservers.net

From:	William Hay
Subject:	[Sks-devel] Joining hkps.pool.sks-keyservers.net
Date:	Mon, 21 Sep 2015 17:02:41 +0100
User-agent:	Mutt/1.5.23 (2014-03-12)

So having acquired a whole bunch of peers for my keyserver I'm now thinking 
about adding hkps support and becoming part of hkps.pool.sks-servers.net.  I've 
got a couple of queries though. 
1.I'll probably want to share the port 443 with other sites.  Can one assume 
that SNI is supported by hkps clients or is there another mechanism recommended 
for hkps sharing a port? 

2.Presumably I need to create a CSR for hkps.pool.sks-servers.net rather than 
my own server name since that is what people will be trying to connect to.  Is 
there any preference with regard to SubjectAltName vs CommonName or both?  The 
modern practice seems to be to use SubjectAltName but backward compatibility 
seems to be an important part of the keyserver world.

3.Are there any conventions regarding what should go into other fields of the 
DN when creating one's CSR?

4.Assuming I want to turn on HSTS I presumably need to install and configure 
sslh to front port 443.  Anything else that might catch me out?

William

signature.asc
Description: Digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Sks-devel] Joining hkps.pool.sks-keyservers.net, William Hay <=
- Re: [Sks-devel] Joining hkps.pool.sks-keyservers.net, Kristian Fiskerstrand, 2015/09/21

Prev by Date: [Sks-devel] Seeking peers for sks.srv.dumain.com
Next by Date: Re: [Sks-devel] Joining hkps.pool.sks-keyservers.net
Previous by thread: [Sks-devel] Seeking peers for sks.srv.dumain.com
Next by thread: Re: [Sks-devel] Joining hkps.pool.sks-keyservers.net
Index(es):
- Date
- Thread