Dear all, A quick scan of certificates used by current HKPS pool members shows that the following servers have pre-heartbleed certificate:
a.keyserver.pki.scientia.net Aug 4 15:32:48 2013 GMT key.adeti.org Mar 9 12:35:57 2014 GMT key.ip6.li Nov 9 14:26:10 2013 GMT keys.alderwick.co.uk Feb 7 18:22:08 2014 GMT keys.fedoraproject.org Aug 6 08:22:21 2013 GMT keys.sflc.info Oct 2 19:57:20 2013 GMT keys2.alderwick.co.uk Feb 7 18:22:36 2014 GMT keyserver.codinginfinity.com Jan 9 21:24:09 2014 GMT keyserver.secretresearchfacility.com Jul 5 00:02:38 2013 GMT keyserver.secure-u.de Jan 13 19:18:27 2014 GMT keyserver.skoopsmedia.net Nov 19 18:24:26 2013 GMT keyserver.ut.mephi.ru Nov 13 12:45:02 2013 GMT keyserver.witopia.net Nov 7 22:13:57 2013 GMT klucze.achjoj.info Nov 13 19:37:55 2013 GMT pgpkeys.eu Mar 9 12:48:04 2014 GMT sks.fidocon.de Aug 31 11:22:45 2013 GMT sks.karotte.org Jul 4 21:10:30 2013 GMT sks.mrball.net Oct 4 22:02:56 2013 GMT sks.undergrid.net Nov 14 17:52:09 2013 GMT zimmermann.mayfirst.org Nov 13 20:49:36 2013 GMT I bet at least one third of these servers is affected by Heartbleed Bug. :-) However I cannot figure out which of them. I ask everybody to declare if they did not use compromised version of openssl since the start of validity period of certificate. Gabor _______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel