-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 05/28/2014 01:05 PM, dirk astrath wrote: > Hello Kristian, > >>> I hardly think that *any* client has the CA of sks installed >>> per default (nor would an average client care to). >> it is part of gnupg 2.1 [0] > > hm ... even if gnugpg 2.1 will check the CRL (i assume, you don't > (plan to) run an OCSP-server) ... > > when i access the keyserver-pool using my browser to have an > encrypted channel to search/upload/... keys, the revocation-status > of a certificate should be checked. > > currently (without the CRL) the expiration date is the only way my > browser knows, that the certficate is no longer valid. > > ... and ... yes ... gnug 2.1 is not "every client" ... ;-) > > have a nice day ... >
The CRL is published on [0] as stated on [1]. You are correct that for a few of the later certs no CRL has been published along the cert (mea cupla - I made in my config file). However if you see e.g [2] the CRL distribution point is back in the certs. References: [0] https://sks-keyservers.net/ca/crl.pem [1] https://sks-keyservers.net/overview-of-pools.php [2] https://keys.digitalis.org/ - -- - ---------------------------- Kristian Fiskerstrand Blog: http://blog.sumptuouscapital.com Twitter: @krifisk - ---------------------------- Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 - ---------------------------- Testis unus, testis nullus A single witness is no witness -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJThdIOAAoJEPw7F94F4TagCu4P/1BXlwftSFlH+IHi0F3oCPTP Ez+mmNZXViJXP7y9SVZAze1NfMy8XqbDSaLblDDLu+GeJ0ejYXBstRAMFb2imPER 7wVM3Ql9l6G1GDC6mmIGEFvzbyH5jo4gGivDgPySWgmstNo8uoGAOcCNHq5i4LjR F+i4t4z1Sa+fa0HZ5tqFtdRo+vVreoSP4xgsK7jIho9uGgb+XBm9ndJC91IlC4YC p3YVyNG+Co1BQGRnmybh9OBV/gcoScL/13XZB/RhF58DPfN9KJXp0+u1YDZGOHvH tyKD2xBsQcDnw7ME/JYrEjR3GHv15w9BRHUy3045I8BonYHQNX8lpOo17j6QzpZi eaMF8B1GEgyn+NBfGLaeEIU+kDiCDDhKoZep0y3kJn7XSzsfThrAjq0ygH02b3WM lrF1HKSvAhzA+l21rnbuQUwjM+EHQa28ytfxdCoZ0wqs+SHyO111fGVH9+X1WTu6 VyOQZLA8H9bqQm6jlJdxcX16Jo/tyMZJ61d/TRoII7bqK0mE5tvUiD4Wvn9qR5pt 0U+2csTC5/Vly0FF6iN6a3IgtyM8/+9XiS9PWVAvt8b6SGgE6jUyTbtJcR4oi+Mv d3R5xUkIfx6dgeYB2Se0NRZI1lJeoCq4QXzmF1L+o1NDriFsIFReMqmZPuuQKknP I8Bt3mY9SzD7tRWOC0nE =U8KQ -----END PGP SIGNATURE----- _______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel