On 05/19/2015 07:49 AM, Gabor Kiss wrote:
I am wondering if I can still get a certificate for
keys.techwolf12.nl, my server has been stable for over 3 months
now and I would like to add an extra layer of security.
Does anyone know how to get
[alt_names]
DNS.1 = hkps.pool.sks-keyservers.net
DNS.2 = *.pool.sks-keyservers.net
DNS.3 = pool.sks-keyservers.net
DNS.4 = keys.niif.hu
This part is unnecessary; the SANs are added by me, and the input is
discarded when generating the certificate. So you can simplify this to
Anyway the
Hi,
I really like the idea of only accepting self-signed stuff as it would raise
the bar for vandalism.
But there was also the question on how to deal with the situation on a more
conceptual level and I don't know what this would entail in a technical sense,
but I think it would be great, if
I really like the idea of only accepting self-signed stuff as it would raise
the bar for vandalism.
No one is kept from generating a million new regular-looking
self-signed keys with some additional unwanted content.
Gabor
On Tue, May 19, 2015 at 4:23 PM, Daniel Kahn Gillmor
d...@fifthhorseman.net wrote:
Alternately, a solid answer to the following question would help us to
make these sorts of decisions in a more fine-grained way over time:
* how do we update the
On Tue, 19 May 2015 13:25:15 +0200 (CEST)
Gabor Kiss ki...@ssg.ki.iif.hu wrote:
I really like the idea of only accepting self-signed stuff as it would
raise the bar for vandalism.
No one is kept from generating a million new regular-looking
self-signed keys with some additional unwanted
Thoughts?
Right now the principal SKS developers and maintainers are Yaron Minsky,
John Clizbe, Christoph Martin, Fabi Di Nitto, Daniel Kahn Gillmor, and
... I'm blanking on the Fedora SKS maintainer.
This idea really needs buy-in from them. So long as it's an idea
floated by people who
Even if we did have a better understanding of the filter code, the
difficulty with phasing in filters like this (as you've noticed in
your description) is that either the whole pool opts in, or the
filter doesn't work. Peers with different filtersets cannot gossip
with each other, aiui.
On Tue, May 19, 2015 at 4:04 AM, ma...@wk3.org ma...@wk3.org wrote:
But there was also the question on how to deal with the situation on
a more conceptual level and I don't know what this would entail in a
technical sense,
Here's a proposed phased technical rollout of verifying self
On Tue 2015-05-19 15:55:34 -0400, Daniel Roesler wrote:
On Tue, May 19, 2015 at 4:04 AM, ma...@wk3.org ma...@wk3.org wrote:
But there was also the question on how to deal with the situation on
a more conceptual level and I don't know what this would entail in a
technical sense,
Here's a
On 19-05-15 13:25, Gabor Kiss wrote:
I really like the idea of only accepting self-signed stuff as it would raise
the bar for vandalism.
No one is kept from generating a million new regular-looking
self-signed keys with some additional unwanted content.
No, but it could be the first small
Hi all!
I just want to share something I use on my keyserver.
If you enable ssl (hkps) Nginx will automatically assume that the 11371
port is ssl.
However if you add this:
error_page 497 https://$host:$server_port$request_uri;
Then Nginx will redirect http requests to port 11371 to https