-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 05/15/2014 12:07 PM, Werner Koch wrote: > Hi, > > thanks for the comments. To get things straight, let me summarize > my understanding: > > For plain HTTP: > > - No change to the current code > > or > > - Resolve the name while following CNAME records to get a list of > IP addresses. Then connect any server at its IP address but use > the canonical name of the pool (the one which yields the AAAA > records) for the Host: header. > > > For HTTPS: > > - Resolve the name while following CNAME records to get a list of > IP addresses. Then connect any server at its IP address but use > the canonical name of the pool (the one which yields the AAAA > records) for the Host: header. Use that host: Header name also for > SNI. > > > In all cases make this the default behaviour if the hkp or the hkps > is used for the keyserver URL. If http or https is used, do the > same or use a different approach (e.g. let the DNS resolver > decide)?
I'd expect the same issues wrt Host: (for virtual hosting sites) for http and https, as well as SNI for the latter for these protocols as for hkp(s). The rest sounds good to me. > > Use of SRV records is subject to bug 1447 and will be fixed in a > second step? This is indeed currently disabled in the pool so it won't create an issue in the short term and can be postponed to get a working beta out from my point of view. - -- - ---------------------------- Kristian Fiskerstrand Blog: http://blog.sumptuouscapital.com Twitter: @krifisk - ---------------------------- Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 - ---------------------------- "We can only see a short distance ahead, but we can see plenty there that needs to be done." (Alan Turing) -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJTdOI1AAoJEPw7F94F4Tag0QEQAIwVRNXzYzEwR54Ca1rzaEQA WsmiMuavhUftBo0af5KxsBizbE2fUbl6atUTOUUJVA5ySIPi9qNrGHPgxu2Ut8V3 Z9m8YJSIGKwc1R2eK3ix0W5UF1bD1pEd8TgAkX79LzqgCGFwuqFBoLBU+iEFD4Vb puUAdik9UwhkECESW91L6B751v4sUNJulaQGQGmI5FodOfHCow2LaT+rDJ7QhjJa oyG2cTblq+sy44Sk4/Bhq/2xiZVBXwhGLWl4Stx69LGi2g5qLT+G5loLGTTEqEcn BsR3uYACa6GKK+TvXJGifBLa9EkcmcfMdienQbfbWutbDuwosq3rY2YBTcPOa+Oc llqWzD5FNhaRdGojW3LMU4+l2WY3znQsv8jY0I88MDzEnU/prQzZ5s5PB5QS74oC NRh2GW4dw1DNqBt6/DFLJy7VlA7s9pLrXZbh8vY2iH2ySsMVuOhX9OYFcqljROmr zG2up5y+X9v5GNpIoejKLpdlVGDiA+3Y1n4OGPQ6whvI8ZvyEg4t+bhAzMxN3Zgh fLhm5BwmYTvQ45hO+OEjHKd3ugOrM8ZrYe1hQogsKg43Cyj7vRTeXCJRdeywyACS vKS3lZE/Wu6JhwPbCOz8yp49iIYyrrHK4sXoMZBOZZ9DIybvIX1/LpsEOpPOVpeg vjjDhvi+DxbOzU12/FZp =hzwA -----END PGP SIGNATURE----- _______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel