Re: keys.gnupg.net is blocked by Palo Alto Wildfire

2018-08-10 Thread Kristian Fiskerstrand
On 08/10/2018 02:20 AM, Tim Perkins wrote:
> I did observe that at least one of the pool members seems to not be
> configured properly (if I do a ‘curl -k -H 'Host:
> http-keys.gnupg.net' https://37.191.226.104’ it displays a busted
> Matomo page).

This is actually my server, but why would it respond to such a host on
port 80? It responds to keys.gnupg.net on 11371 (default HKP port) as it
should. But for HKPS/HTTPS there aren't any expectations for
certificates for the SNI etc.; hkps.pool.sks-keyservers.net is used for
that by default.

-- 

Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk

Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3

Audaces fortuna iuvat
Fortune favors the brave



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


keys.gnupg.net is blocked by Palo Alto Wildfire

2018-08-10 Thread Tim Perkins
Not sure if this is the right place to send this, but I figured I’d start here 
since keys.gnupg.net seems to be hardcoded as a default in the source code for 
GnuPG.

The company I work for leverages Palo Alto products for security, and we 
recently observed that keys.gnupg.net was not resolving properly. After digging 
into it, we discovered that Palo Alto is flagging keys.gnupg.net as a Malware 
site.

I’ve gone ahead and submitted a request for them to reclassify it as a 
non-malicious “Computer and Internet Info,” but that doesn’t exactly answer 
_why_ it was flagged. And it looks like they may have just changed it while I 
was in the process of writing this email (can be checked at 
https://urlfiltering.paloaltonetworks.com/query/ ).

I did observe that at least one of the pool members seems to not be configured 
properly (if I do a ‘curl -k -H 'Host: http-keys.gnupg.net' 
https://37.191.226.104’ it displays a busted Matomo page).

And I’m left wondering if one of the pool members was serving up something that 
caused Palo Alto to flag keys.gnupg.net.

Oddly enough, neither hkps.pool.sks-keyservers.net nor sks-keyserver.net was 
blocked.

--Tim