Re: [Sks-devel] HKPS configuration?

[Kristian Fiskerstrand]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 02/11/2014 05:08 PM, Christian Reiß wrote:
> Hey,
> 
> I am not saying it can't be done. Yes it is possible with your
> setup, but that some clients to not send vhost/domain data along
> with the request and expect the hostname of the sks server to match
> the default cert. So unless you are serving the hkps per default on
> your server you might break compatibility with clients.
> 

FWIW, I do not enforce this in the hkps.pool (i.e. to require SNI is
permitted), however this is the required behavior on port 11371 for
the usual pool.


- -- 
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Ad astra per aspera
To the stars through thorns
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJS+luuAAoJEPw7F94F4Tag7IsP/iO3z+P5fxjmctxHCTnZHo+P
KJpBsX/dToQnTRlobz26lllGImVR6ItyrcdW1jfr31SWqD8RDRqZHvVT8RXRjWpS
5FA11jgsPdXFcX8+TmWIylHm4UwwCb5okqfVfalTHekifE5pC1JOYMW+YbYm7aTF
CzvMUDtbM8hYZMzRUIwv1FhjW9jFMhyiemH/a606gefabjJGZAXqE+V0jxoNzWxD
Pnz8ZV9a4st3N5CrRg5Y28S5kHvX8bdXZEtNMkdczO3cq2aYgwHcYVzMe5T5zPr9
q5pwXVQ8UmlNEj59S1W/dHuFNjwePy+Cq2R92ylS9vrYtLqPPin2DfFBs4ogG7mV
RGTns7j0NJbikYp2jkioHf+hOgP6wB9WAgw3YZ7XX+XTXBFqjCk7iqCF7Z0fOpu9
xEIBA8yL5nKDzRa5n4MaDmqv+58eT9g3E7EAScmZs9Z+1M8nuOfyMAuLPqnt/xRs
Y+3LFLX06HegYsFLr+VecT6d6D9QS07EjcQ1Tcgt82ynS+0NnKXtuc+ZavzOyaHh
miRffa0HOCBQdIjXG4bblCD2l3xA1Oy6w78t85PW78k/p/R9KVVH57v/mASRKHxH
DxTSuhJfRiNT9JEB4WPosu/ox1cDPcofF5kyNcS1uQJkfufErR8WfP579Zgn110/
kKgecUUqOncvVIXXJWFx
=PwaE
-----END PGP SIGNATURE-----