On 10/28/2013 08:22 PM, Jeremy T. Bouse wrote:
I use StartCom for my SSL CA provider and they allow SANs to be added
for SNI.

I don't think that StartCom is an appropriate CA for the current hkps.pool.sks-keyservers.net. In the current setup, anyone who has configured "keyserver hkps://hkps.pool.sks-keyservers.net" also has "keyserver-options ca-cert-file /some/path/to/sks-keyservers.netCA.pem" (this CA certificate (operated by Kristian) can be found via the instructions at https://sks-keyservers.net/overview-of-pools.php#pool_hkps).

If some of the members of the hkps pool are certified by StartCom, and others are certified by Kristian's CA, (and others are certified by still other CAs?) then people using the pool have to accept certifications by more than one CA. Each additional CA we add means existing setups need to be reconfigured.

        --dkg
