Re: [Sks-devel] sks-keyservers.net New HKPS subpool added

sks-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] sks-keyservers.net New HKPS subpool added

From:	Phil Pennock
Subject:	Re: [Sks-devel] sks-keyservers.net New HKPS subpool added
Date:	Fri, 5 Oct 2012 18:23:43 -0400

On 2012-10-05 at 20:48 +0200, Kristian Fiskerstrand wrote:
> Just to inform that I've added a new hkps subpool to the list of options.
> 
> Regular A and AAAA and SRV records are included for port 443 servers,
> and a lookup is performed for _pgpkey-https._tcp on the individual
> servers to determine if a hkps enabled service is listening on another
> port, in which case this is included as a SRV record also in the pool
> (but not as an A or AAAA record).

I get results from:
  dig -t a hkps.pool.sks-keyservers.net
  dig -t srv _pgpkey-https._tcp.hkps.pool.sks-keyservers.net
but not from:
  dig -t aaaa hkps.pool.sks-keyservers.net
(NOERROR, with AUTHORITY section, so just looks as though there are no
AAAA records configured).

Is this just the pool being size-limited in records and happening to
currently only include A records?

> This pool likely need the keyserver option set to no-check-cert to
> function as expected.

Speaking for myself, I only use TLSv1+ and my nginx is built with SNI
support, so if you want to figure out a policy for handing out certs, I
can add a new cert for SNI hostnames in *.pool.sks-keyservers.net.

-Phil

pgppt7vUTqQKL.pgp
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Sks-devel] sks-keyservers.net New HKPS subpool added, Kristian Fiskerstrand, 2012/10/05
- Re: [Sks-devel] sks-keyservers.net New HKPS subpool added, Phil Pennock <=
  - Re: [Sks-devel] sks-keyservers.net New HKPS subpool added, Daniel Kahn Gillmor, 2012/10/06
    - Re: [Sks-devel] sks-keyservers.net New HKPS subpool added, Stephan Seitz, 2012/10/06
    - Re: [Sks-devel] sks-keyservers.net New HKPS subpool added, Phil Pennock, 2012/10/06
    - Re: [Sks-devel] sks-keyservers.net New HKPS subpool added, Kristian Fiskerstrand, 2012/10/08
    - Re: [Sks-devel] sks-keyservers.net New HKPS subpool added, Kristian Fiskerstrand, 2012/10/08
    - Re: [Sks-devel] sks-keyservers.net New HKPS subpool added, Phil Pennock, 2012/10/08
    - Re: [Sks-devel] sks-keyservers.net New HKPS subpool added, Kristian Fiskerstrand, 2012/10/08
    - Re: [Sks-devel] sks-keyservers.net New HKPS subpool added, Phil Pennock, 2012/10/08
    - Re: [Sks-devel] sks-keyservers.net New HKPS subpool added, Kristian Fiskerstrand, 2012/10/08
    - Re: [Sks-devel] sks-keyservers.net New HKPS subpool added, Phil Pennock, 2012/10/08

Prev by Date: [Sks-devel] sks-keyservers.net New HKPS subpool added
Next by Date: Re: [Sks-devel] sks-keyservers.net New HKPS subpool added
Previous by thread: [Sks-devel] sks-keyservers.net New HKPS subpool added
Next by thread: Re: [Sks-devel] sks-keyservers.net New HKPS subpool added
Index(es):
- Date
- Thread