Re: [Sks-devel] Unde(r)served HKPS [was: Underserved areas?]

[Alain Wolf]

On 14.01.2018 16:55, Kristian Fiskerstrand wrote:
> 
> That said I'm a bit surprised about this discussion, nobody is required
> to use a single pool of keyservers.
> 

That is certainly not the direction I wanted it to go with my initial post.

I personally, and I assume must of us, welcomed the decision of GnuPG to
bundle sks-keyservers.net root certificate. Anything to increase the
change of an encrypted connection from a "default-user" is welcome.

Letsencrypt as any other CA does not care whats going on the servers
they issue certificates for. Kristian apparently does and he does not
seem to be prepared to change that anytime soon. This of course has its
benefits and I fully respect that he is not willing to throw out the
baby with the bath water.

My initial post and request for automation as well as my own CSR was
derived from the information on the sks-keyservers.net website. Maybe
this needs to be clarified.

Unfortunately the problem of 95% of the server pool not supporting
HKPS out of the box remains unresolved. For now.

My opinion is still the same: Unencrypted HKP should be the exception
and HKPS the rule. The majority of the pool servers need to be in the
HKPS pool and HKP then might be slowly phased out and deprecated.

I will continue to look for ideas and I hope others will too.

With much respect.

Alain

-- 
pgpkeys.urown.net 11370 # <address@hidden> 0x27A69FC9A1744242

signature.asc
Description: OpenPGP digital signature