Hello Kristian,
The CRL is published on [0] as stated on [1]. You are correct that for
a few of the later certs no CRL has been published along the cert (mea
cupla - I made in my config file). However if you see e.g [2] the CRL
distribution point is back in the certs.
References:
[0] https://sks
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 05/28/2014 01:05 PM, dirk astrath wrote:
> Hello Kristian,
>
>>> I hardly think that *any* client has the CA of sks installed
>>> per default (nor would an average client care to).
>> it is part of gnupg 2.1 [0]
>
> hm ... even if gnugpg 2.1 wil
Hello Kristian,
I hardly think that *any* client has the CA of sks installed per
default (nor would an average client care to).
it is part of gnupg 2.1 [0]
hm ... even if gnugpg 2.1 will check the CRL (i assume, you don't (plan
to) run an OCSP-server) ...
when i access the keyserver-pool u
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 05/27/2014 11:41 PM, Andrew Alderwick wrote:
> Dear Rolf,
>
> On Tue, May 27, 2014 at 10:18:31PM +0200, Rolf Wuerdemann wrote:
>> Am 27.05.2014 17:41, schrieb Kristian Fiskerstrand:
>>> On 05/27/2014 05:00 PM, Daniel Kahn Gillmor wrote:
To c
On 28/05/14 12:11, Kristian Fiskerstrand wrote:
> They will not be able to issue a certificate related to
> hkps.pool.sks-keyservers.net as CN or subjectAltName, i.e. the
> validation on a pool would fail.
It was too early in the morning, even pre-coffee.
I honestly didn't see that coming and r
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 05/28/2014 08:30 AM, Christian wrote:
> Hey,
>
> and while we are on the subject: If I install my Class 2 (!) OV
> Certificate from startssl the hkps button changes red. A valid
> certificte is not valid. I can understand that self-signed
> ce
> Could you please explain the color-codes (on the page?).
> Red/green is obvious, but I don't know where this "orange"
> color for hkps sites comes from (SNI?)
> > Indeed, or the meta page for the server in question.
By the way. Kristian!
May I suggest you to use title="explanation" attributes w
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hey,
and while we are on the subject: If I install my Class 2 (!) OV
Certificate from startssl the hkps button changes red. A valid
certificte is not valid. I can understand that self-signed
certificates will turn the hkps indicator red, but why don't
Dear Rolf,
On Tue, May 27, 2014 at 10:18:31PM +0200, Rolf Wuerdemann wrote:
Am 27.05.2014 17:41, schrieb Kristian Fiskerstrand:
On 05/27/2014 05:00 PM, Daniel Kahn Gillmor wrote:
To check the inclusion of your server in the hkps pool, look at the
HKPS column of:
https://sks-keyservers.net/sta
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Kristian
>>> You are quite correct, and I will revoke and issue new
>>> certificates as I get CSRs signed with the same openpgp keys
>>> that I originally got requests from.
>> Please consider to remove vulnerable servers from HKPS pool.
>> Thi
Am 27.05.2014 17:41, schrieb Kristian Fiskerstrand:
> On 05/27/2014 05:00 PM, Daniel Kahn Gillmor wrote:
>> On 05/27/2014 09:27 AM, Dmitry Yu Okunev (pks.mephi.ru) wrote:
>>> BTW, is it right that our server is not in the HKPS pool
>>> [pools and zone-entries]
>
>> To check the inclusion of you
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 05/27/2014 05:00 PM, Daniel Kahn Gillmor wrote:
> On 05/27/2014 09:27 AM, Dmitry Yu Okunev (pks.mephi.ru) wrote:
>> BTW, is it right that our server is not in the HKPS pool
>> "hkps.pool.sks-keyservers.net".
>>
..
>
> the "host" command jus
On 05/27/2014 09:27 AM, Dmitry Yu Okunev (pks.mephi.ru) wrote:
> BTW, is it right that our server is not in the HKPS pool
> "hkps.pool.sks-keyservers.net".
>
> Server: keyserver.ut.mephi.ru (85.143.112.59)
>
> $ host hkps.pool.sks-keyservers.net
> hkps.pool.sks-keyservers.net has address 162.243.
Hello.
On 05/25/2014 12:00 AM, Kristian Fiskerstrand wrote:
> On 05/24/2014 08:32 AM, Gabor Kiss wrote:
>> On Wed, 9 Apr 2014, kristian.fiskerstr...@sumptuouscapital.com
>> wrote:
>
>>> You are quite correct, and I will revoke and issue new
>>> certificates as I get CSRs signed with the same open
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 05/24/2014 08:32 AM, Gabor Kiss wrote:
> On Wed, 9 Apr 2014, kristian.fiskerstr...@sumptuouscapital.com
> wrote:
>
>> You are quite correct, and I will revoke and issue new
>> certificates as I get CSRs signed with the same openpgp keys that
>> I
On Wed, 9 Apr 2014, kristian.fiskerstr...@sumptuouscapital.com wrote:
> You are quite correct, and I will revoke and issue new certificates as I get
> CSRs signed with the same openpgp keys that I originally got requests from.
Dear Kristian,
Please consider to remove vulnerable servers from HKPS
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Folks,
Am 09.04.2014 17:38, schrieb Kiss Gabor (Bitman):
> Folks,
>
> Do not forget that all hkps.pool.sks-keyservers.net certificates
> should be revoked and replaced after fixing openssl Heartbleed Bug
> on vulnerable key servers. (Including m
> > You are quite correct, and I will revoke and issue new certificates as I
> > get CSRs signed with the same openpgp keys that I originally got
> > requests from.
>
> So we should just wait for new certificates. Right? :)
All of us have to generate new secret key key and signing request first.
Hello
On 04/09/2014 10:51 PM, kristian.fiskerstr...@sumptuouscapital.com wrote:
> You are quite correct, and I will revoke and issue new certificates as I
> get CSRs signed with the same openpgp keys that I originally got
> requests from.
So we should just wait for new certificates. Right? :)
-
eys
Sent from my HTC
- Reply message -
From: "Kiss Gabor (Bitman)"
To:
Subject: [Sks-devel] Heartbleed ans HKPS pool
Date: Wed, Apr 9, 2014 17:38
Folks,
Do not forget that all hkps.pool.sks-keyservers.net certificates
should be revoked and replaced after fixing openssl Heartble
Folks,
Do not forget that all hkps.pool.sks-keyservers.net certificates
should be revoked and replaced after fixing openssl Heartbleed Bug
on vulnerable key servers. (Including mine.)
Gabor
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.
21 matches
Mail list logo