On 10/08/2012 11:32 PM, Stephan Seitz wrote:
>
> On Monday, 08.10.2012, at 23:09 +0200, Kristian Fiskerstrand wrote:
>
>>>> I already use namebased vhosts (thanks for your explanation of TLS,
>>>> phil), so I could configure two proxies which are identical despite the
>>>> hostname and the certificates. That way, I would use two different
>>>> keys / crts without the need for subjectAltName.
>>>>
>>>
>>> Again, yup
>>>
>>
>> Agreed too quickly there, you'll still need to generate a new CSR from
>> your private key that I can sign, where I'll add a subjectAltName, but
>> in that setup only the subjectAltName will ever be used, as the primary
>> host will be handled by your setup and different cert.
>
> Ah, I see. So I'm going to send you a csr in a few minutes ;)
>
> Just to get it right,
> dig +short A hkps.pool.sks-keyservers.net
> shows some pool IPs, tho the expected servername is
> hkps.pool.sks-keyservers.net
>
> dig +short srv _pgpkey-https._tcp.hkps.pool.sks-keyservers.net
> shows redirections to other servers, so clients doing a srv query are
> expecting the redirected hostname.

Yeah, I've just removed the SRV records from the pool until the two
bugs[0, 1] for SRV are fixed. As the port number in the SRV record isn't
used anyways [0], and I'm not doing any SRV weighting, having this
record isn't much use.

[0] https://bugs.g10code.com/gnupg/issue1446
[1] https://bugs.g10code.com/gnupg/issue1447

--
----------------------------
Kristian Fiskerstrand
http://www.sumptuouscapital.com
Twitter: @krifisk
----------------------------
"Great things are not accomplished by those who yield to trends and
fads and popular opinion." (Jack Kerouac)
----------------------------
This email was digitally signed using the OpenPGP standard.
If you want to read more about this
The book: Sending Emails - The Safe Way: An introduction to OpenPGP
security is available in both Amazon Kindle and Paperback format at
http://www.amazon.com/dp/B006RSG1S4/
----------------------------
Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/
_______________________________________________
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel
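
The name check behind the two-vhost setup discussed in this thread, as an added example that is not part of the original messages or of any project's code. Assumptions: `keys.example.org` is a hypothetical pool member hostname, the certificate dicts are constructed in the shape returned by Python's `ssl` `getpeercert()`, the CSR carried the operator's own hostname as CN, and the verifier ignores the CN once a dNSName subjectAltName is present.

```python
POOL = "hkps.pool.sks-keyservers.net"   # name from the thread
OWN = "keys.example.org"                # hypothetical operator hostname

# Constructed certificates, one per name-based vhost.
OWN_CERT = {"subject": ((("commonName", OWN),),)}
POOL_CERT = {"subject": ((("commonName", OWN),),),      # CN from the CSR (assumed)
             "subjectAltName": (("DNS", POOL),)}        # SAN added at signing
VHOSTS = {OWN: OWN_CERT, POOL: POOL_CERT}               # first entry is the default

def dns_names(cert):
    """Identifiers a verifier accepts: dNSName SANs if any, otherwise the CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]

def matches(pattern, host):
    """Exact match, or one left-most '*' label covering exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_covers(cert, host):
    return any(matches(name, host) for name in dns_names(cert))

def pick_vhost(vhosts, sni):
    """Name-based vhost selection by SNI, falling back to the default vhost."""
    return vhosts.get(sni.lower(), next(iter(vhosts.values())))

def handshake_ok(vhosts, sni, verify_as):
    """True if the cert served for `sni` covers the name the client verifies."""
    return cert_covers(pick_vhost(vhosts, sni), verify_as)

if __name__ == "__main__":
    cases = [("A lookup on pool name", POOL, POOL),
             ("direct connection to member", OWN, OWN),
             ("client mixing member SNI with pool name", OWN, POOL)]
    for label, sni, verify_as in cases:
        print(f"{label}: {'ok' if handshake_ok(VHOSTS, sni, verify_as) else 'MISMATCH'}")
```
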