On Thu 2018-01-11 22:30:54 +0100, Alain Wolf wrote:
> Maybe something along the line of ...

sounds like you're (roughly) reinventing some sort of acme protocol. if we're going to do that, then we should just encourage kristian to use acme directly.

imho, having a dedicated CA for this particular pool is the *right* answer -- certifying pools is bad enough from a security perspective and we certainly don't need to get the full CA cartel involved in the picture.

So the question isn't "why should kristian be in the loop?" -- it's "why don't more people ask kristian to use hkps?"

I note that we have more tor hidden services than we have hkps servers! I suspect this is because of certificate maintenance more than anything else.

I confess i've let the hkps pool cert for zimmermann.mayfirst.org lapse for months at a time (it's lapsed right now!) because i don't monitor it as well as i should have. i wonder how many other people fall into the same trap?

are there better ways to get members of the hkps pool to stay in the pool?

--dkg, off to bug kristian to renew my cert…

_______________________________________________
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel