On 04/30/2018 01:59 PM, Andrew Gallagher wrote: > Certificate validation may also be an issue, because many HTTPS pool > members only have the pool SSL certificate - which won't validate in the > normal manner when bypassing the pool round-robin.
The certs includes CN and SANs for the keyserver, so it could still be used in this scenario, actually. The SNI setups I've seen with deviating handling use e.g letsencrypt cert when doing direct keyserver request, but that would still validate. But you'd potentially also have issues with keydumps as well as split pools serving different keyblocks depending on which server you hit - so I believe the underlying question is more complex than just throwing https on it, although it is certainly possible to do so. Immediately it sounds like just increasing the overhead without much value added though (the data is public anyways), but the whole GDPR is a mess to begin with. -- ---------------------------- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk ---------------------------- Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 ---------------------------- "Expect the best. Prepare for the worst. Capitalize on what comes." (Zig Ziglar)
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
