On 10/06/2012 12:23 AM, Phil Pennock wrote: > I get results from: > dig -t a hkps.pool.sks-keyservers.net > dig -t srv _pgpkey-https._tcp.hkps.pool.sks-keyservers.net > but not from: > dig -t aaaa hkps.pool.sks-keyservers.net > (NOERROR, with AUTHORITY section, so just looks as though there are no > AAAA records configured). > > Is this just the pool being size-limited in records and happening to > currently only include A records?
Hi Phil, No, it was a temporary issue with my IPv6 connectivity[0], so no server was recorded as having IPv6 capability. >> This pool likely need the keyserver option set to no-check-cert to >> function as expected. > Speaking for myself, I only use TLSv1+ and my nginx is built with SNI > support, so if you want to figure out a policy for handing out certs, I > can add a new cert for SNI hostnames in *.pool.sks-keyservers.net. > Let me think a bit more about this one :) [0] https://www.sixxs.net/tickets/?msg=tickets-7961722 -- ---------------------------- Kristian Fiskerstrand http://www.sumptuouscapital.com Twitter: @krifisk ---------------------------- Varitatio delectat Change pleases ---------------------------- This email was digitally signed using the OpenPGP standard. If you want to read more about this The book: Sending Emails - The Safe Way: An introduction to OpenPGP security is available in both Amazon Kindle and Paperback format at http://www.amazon.com/dp/B006RSG1S4/ ---------------------------- Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel