On Thu 2018-01-11 22:30:54 +0100, Alain Wolf wrote:
> Maybe something along the line of ...

sounds like you're (roughly) reinventing some sort of acme protocol.

if we're going to do that, then we should just encourage kristian to use
acme directly.

imho, having a dedicated CA for this particular pool is the *right*
answer -- certifying pools is bad enough from a security perspective and
we certainly don't need to get the full CA cartel involved in the
picture.

So the question isn't "why should kristian be in the loop?" -- it's "why
don't more people ask kristian to use hkps?"

I note that we have more tor hidden services than we have hkps servers!

I suspect this is because of certificate maintenance more than anything
else.

I confess i've let the hkps pool cert for zimmermann.mayfirst.org lapse
for months at a time (it's lapsed right now!) because i don't monitor it
as well as i should have.  i wonder how many other people fall into the
same trap?

are there better ways to get members of the hkps pool to stay in the
pool?

     --dkg, off to bug kristian to renew my cert…

_______________________________________________
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel