-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Gaudenz Steinlin wrote, On 09/07/2010 09:21 AM:
> Excerpts from Phil Pennock's message of Tue Sep 07 03:26:37 +0200 2010:
>> On 2010-09-06 at 21:03 +0200, Gaudenz Steinlin wrote:
>>> I would be interested to build up a pool of TLS enabled SKS servers
>>> with others. To my knowledge there are currently only two other such
>>> servers (zimmermann.mayfirst.org and keys.indymedia.org). The main
>>> problem to solve for this is how to issue certificates for the servers
>>> belonging to the pool. Do others have any ideas on this?
>> This came up before. The client needs to support SNI and you need your
>> web-server to support SNI, so that it can issue different certificates
>> for different pools. Then each pool which issues certificates can issue
>> one to each member of the pool and there is free competition between
>> pools.
>
> This sounds fairly complicated. I would be perfectly happy to just
> have one pool for TLS as a starting point. This would not need any
> SNI. Each server's hostname could be added as a subject alt name to the
> pool certificate.
>
> OTOH it seems that curl already supports SNI. Does this work together
> with gnupg-curl?
>
>> After that, you "just" sort out a CA, the software to build the pool and
>> find a group of people willing to go along with each installing an extra
>> certificate to be used when accessed via that pool's service
>> hostname.
>
> Is anyone willing to try to set up an experimental pool? Would it be
> possible to set up tls.pool.sks-keyservers.net (or similar) for this or
> should this be done outside of sks-keyservers.net during the
> experimental phase?

Good evening,

I will add this to my todo-list and have a look at it as soon as time
permits.

- -- 
- ----------------------------
Kristian Fiskerstrand
http://www.sumptuouscapital.com
- ----------------------------
Veni, vidi, vacatum
I came, I saw, I left
- ----------------------------
This email was digitally signed using the OpenPGP standard.
If you want to read more about this, visit:
http://www.secure-my-email.com
- ----------------------------
Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (GNU/Linux)

-----END PGP SIGNATURE-----

_______________________________________________
Sks-devel mailing list
Sks-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/sks-devel