Re: [Sks-devel] Heartbleed ans HKPS pool

2014-05-28 Thread Christian
Hey, and while we are on the subject: If I install my Class 2 (!) OV Certificate from startssl the hkps button changes red. A valid certificate is not valid. I can understand that self-signed certificates will turn the hkps indicator red, but why

Re: [Sks-devel] Heartbleed ans HKPS pool

2014-05-28 Thread Gabor Kiss
Could you please explain the color-codes (on the page?). Red/green is obvious, but I don't know where this orange color for hkps sites comes from (SNI?) Indeed, or the meta page for the server in question. By the way. Kristian! May I suggest you to use title=explanation attributes within td

Re: [Sks-devel] Heartbleed ans HKPS pool

2014-05-28 Thread Kristian Fiskerstrand
On 05/28/2014 08:30 AM, Christian wrote: Hey, and while we are on the subject: If I install my Class 2 (!) OV Certificate from startssl the hkps button changes red. A valid certificate is not valid. I can understand that self-signed

Re: [Sks-devel] Heartbleed ans HKPS pool

2014-05-28 Thread Christian Reiß
On 28/05/14 12:11, Kristian Fiskerstrand wrote: They will not be able to issue a certificate related to hkps.pool.sks-keyservers.net as CN or subjectAltName, i.e. the validation on a pool would fail. It was too early in the morning, even pre-coffee. I honestly didn't see that coming and

Re: [Sks-devel] Heartbleed ans HKPS pool

2014-05-28 Thread Kristian Fiskerstrand
On 05/27/2014 11:41 PM, Andrew Alderwick wrote: Dear Rolf, On Tue, May 27, 2014 at 10:18:31PM +0200, Rolf Wuerdemann wrote: On 27.05.2014 17:41, Kristian Fiskerstrand wrote: On 05/27/2014 05:00 PM, Daniel Kahn Gillmor wrote: To check the

Re: [Sks-devel] Heartbleed ans HKPS pool

2014-05-28 Thread dirk astrath
Hello Kristian, I hardly think that *any* client has the CA of sks installed per default (nor would an average client care to). it is part of gnupg 2.1 [0] hm ... even if gnupg 2.1 will check the CRL (i assume, you don't (plan to) run an OCSP-server) ... when i access the keyserver-pool

Re: [Sks-devel] Heartbleed ans HKPS pool

2014-05-28 Thread Kristian Fiskerstrand
On 05/28/2014 01:05 PM, dirk astrath wrote: Hello Kristian, I hardly think that *any* client has the CA of sks installed per default (nor would an average client care to). it is part of gnupg 2.1 [0] hm ... even if gnupg 2.1 will check the

Re: [Sks-devel] Heartbleed ans HKPS pool

2014-05-28 Thread dirk astrath
Hello Kristian, The CRL is published on [0] as stated on [1]. You are correct that for a few of the later certs no CRL has been published along the cert (mea culpa - I made in my config file). However if you see e.g [2] the CRL distribution point is back in the certs. References: [0]

Re: [Sks-devel] Heartbleed ans HKPS pool

2014-05-27 Thread Dmitry Yu Okunev (pks.mephi.ru)
Hello. On 05/25/2014 12:00 AM, Kristian Fiskerstrand wrote: On 05/24/2014 08:32 AM, Gabor Kiss wrote: On Wed, 9 Apr 2014, kristian.fiskerstr...@sumptuouscapital.com wrote: You are quite correct, and I will revoke and issue new certificates as I get CSRs signed with the same openpgp keys

Re: [Sks-devel] Heartbleed ans HKPS pool

2014-05-27 Thread Daniel Kahn Gillmor
On 05/27/2014 09:27 AM, Dmitry Yu Okunev (pks.mephi.ru) wrote: BTW, is it right that our server is not in the HKPS pool hkps.pool.sks-keyservers.net. Server: keyserver.ut.mephi.ru (85.143.112.59) $ host hkps.pool.sks-keyservers.net hkps.pool.sks-keyservers.net has address 162.243.102.241

Re: [Sks-devel] Heartbleed ans HKPS pool

2014-05-27 Thread Kristian Fiskerstrand
On 05/27/2014 05:00 PM, Daniel Kahn Gillmor wrote: On 05/27/2014 09:27 AM, Dmitry Yu Okunev (pks.mephi.ru) wrote: BTW, is it right that our server is not in the HKPS pool hkps.pool.sks-keyservers.net. .. the host command just looks

Re: [Sks-devel] Heartbleed ans HKPS pool

2014-05-27 Thread Rolf Wuerdemann
On 27.05.2014 17:41, Kristian Fiskerstrand wrote: On 05/27/2014 05:00 PM, Daniel Kahn Gillmor wrote: On 05/27/2014 09:27 AM, Dmitry Yu Okunev (pks.mephi.ru) wrote: BTW, is it right that our server is not in the HKPS pool [pools and zone-entries] To check the inclusion of your server in

Re: [Sks-devel] Heartbleed ans HKPS pool

2014-05-27 Thread dirk astrath
Hello Kristian You are quite correct, and I will revoke and issue new certificates as I get CSRs signed with the same openpgp keys that I originally got requests from. Please consider to remove vulnerable servers from HKPS pool. This is not a

Re: [Sks-devel] Heartbleed ans HKPS pool

2014-05-27 Thread Andrew Alderwick
Dear Rolf, On Tue, May 27, 2014 at 10:18:31PM +0200, Rolf Wuerdemann wrote: On 27.05.2014 17:41, Kristian Fiskerstrand wrote: On 05/27/2014 05:00 PM, Daniel Kahn Gillmor wrote: To check the inclusion of your server in the hkps pool, look at the HKPS column of:

Re: [Sks-devel] Heartbleed ans HKPS pool

2014-05-24 Thread Gabor Kiss
On Wed, 9 Apr 2014, kristian.fiskerstr...@sumptuouscapital.com wrote: You are quite correct, and I will revoke and issue new certificates as I get CSRs signed with the same openpgp keys that I originally got requests from. Dear Kristian, Please consider to remove vulnerable servers from HKPS

Re: [Sks-devel] Heartbleed ans HKPS pool

2014-05-24 Thread Kristian Fiskerstrand
On 05/24/2014 08:32 AM, Gabor Kiss wrote: On Wed, 9 Apr 2014, kristian.fiskerstr...@sumptuouscapital.com wrote: You are quite correct, and I will revoke and issue new certificates as I get CSRs signed with the same openpgp keys that I

Re: [Sks-devel] Heartbleed ans HKPS pool

2014-04-10 Thread Benny Baumann
Hi Folks, On 09.04.2014 17:38, Kiss Gabor (Bitman) wrote: Folks, Do not forget that all hkps.pool.sks-keyservers.net certificates should be revoked and replaced after fixing openssl Heartbleed Bug on vulnerable key servers. (Including

[Sks-devel] Heartbleed ans HKPS pool

2014-04-09 Thread Kiss Gabor (Bitman)
Folks, Do not forget that all hkps.pool.sks-keyservers.net certificates should be revoked and replaced after fixing openssl Heartbleed Bug on vulnerable key servers. (Including mine.) Gabor

Re: [Sks-devel] Heartbleed ans HKPS pool

2014-04-09 Thread Dmitry Yu Okunev (pks.mephi.ru)
Hello On 04/09/2014 10:51 PM, kristian.fiskerstr...@sumptuouscapital.com wrote: You are quite correct, and I will revoke and issue new certificates as I get CSRs signed with the same openpgp keys that I originally got requests from. So we should just wait for new certificates. Right? :)

Re: [Sks-devel] Heartbleed ans HKPS pool

2014-04-09 Thread Gabor Kiss
You are quite correct, and I will revoke and issue new certificates as I get CSRs signed with the same openpgp keys that I originally got requests from. So we should just wait for new certificates. Right? :) All of us have to generate new secret key and signing request first. Gabor