Dear Rolf, On Tue, May 27, 2014 at 10:18:31PM +0200, Rolf Wuerdemann wrote:
Am 27.05.2014 17:41, schrieb Kristian Fiskerstrand:On 05/27/2014 05:00 PM, Daniel Kahn Gillmor wrote:To check the inclusion of your server in the hkps pool, look at the HKPS column of:https://sks-keyservers.net/status/Could you please explain the color-codes (on the page?). Red/green is obvious, but I don't know where this "orange" color for hkps sites comes from (SNI?)
Orange under the hkps column means that the server is vulnerable to CVE-2014-3207, which has been patched in SKS 1.1.5 [1,2].
The vulnerability isn't limited to hkps, but Kristian will at some point make 1.1.5 a requirement for being part of the hkps pool [3]. So the orange is left undocumented as it's intended as a temporary warning to admins (such as me!) who are yet to update their servers.
Thanks, Andy [1] http://lists.nongnu.org/archive/html/sks-devel/2014-05/msg00000.html [2] http://lists.nongnu.org/archive/html/sks-devel/2014-05/msg00026.html [3] http://lists.nongnu.org/archive/html/sks-devel/2014-05/msg00033.html
signature.asc
Description: Digital signature
_______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel