Re: [Sks-devel] Fwd: Re: Unde(r)served HKPS [was: Underserved areas?]

sks-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] Fwd: Re: Unde(r)served HKPS [was: Underserved areas?]

From:	dirk astrath
Subject:	Re: [Sks-devel] Fwd: Re: Unde(r)served HKPS [was: Underserved areas?]
Date:	Sun, 14 Jan 2018 09:38:48 +0000
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0

Hello,

For your Keyserver you can use a Certificate issues by any CA as long
as it should not contain one of the pool names. On my server I decided
to use Let's Encrypt.

You can of course but certificate validation will fail if the user comes
to you through the pool hostname. It's ugly, impolite and just rude to
confront the user with such a message. And a web-of-trust that greets
it's users with a this-site-is-not-trusted message ist just stupid.


Wrong.

If you use SNI, you can serve the LE-certificate for your server-name(s)and the "Kristian-CA" for the poolserver-name(s).


Kind regards,

dirk

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Sks-devel] Unde(r)served HKPS [was: Underserved areas?], (continued)

Prev by Date: [Sks-devel] Fwd: Re: Unde(r)served HKPS [was: Underserved areas?]
Next by Date: Re: [Sks-devel] Unde(r)served HKPS [was: Underserved areas?]
Previous by thread: [Sks-devel] Fwd: Re: Unde(r)served HKPS [was: Underserved areas?]
Next by thread: Re: [Sks-devel] Fwd: Re: Unde(r)served HKPS [was: Underserved areas?]
Index(es):
- Date
- Thread