> Am I better off with a cert in most default trust stores, or am I better
> off with CAcert?

In my opinion, you're better off with a self-signed certificate, because you cannot trust the certificate authorities not to sign a fake certificate for use in a man-in-the-middle attack. Isn't this the point of using the OpenPGP trust model instead of the flawed X.509 trust model?

-oakwhiz.

On Thu, Oct 13, 2011 at 5:21 PM, Phil Benchoff <[email protected]> wrote:

> Some updates on keyserver.cns.vt.edu:
>
> - Thanks to all who responded to my request for peers. I think I have
>   added everyone who responded.
>
> - I changed both the v4 and v6 addresses today. I left both the old and
>   new addresses bound for several hours more than the DNS TTL and then
>   removed the old addresses. If you have some firewall rules or something
>   that are configured by address, they need to be updated. Let me know
>   if so and I won't assume DNS will take care of everything the next time.
>   Tcpdump didn't show any traffic on the old addresses.
>
> - I'm using stunnel to provide SSL on both ports 11372 and 443. Right now
>   I'm using a CAcert certificate. I plan to change 443 to a cert that
>   is in the trust store of most browsers. The question is what to do with
>   11372. I'm guessing most people who use hkps probably have the CAcert
>   root configured as their trusted CA in gnupg. Am I better off with a
>   cert in most default trust stores, or am I better off with CAcert?
>
> - I tried to add use_port_80: (no arguments) to sksconf, but the server
>   won't start and complains that an address is in use. Port 80 does not
>   appear to be in use for either the v4 or v6 address of the key server.
>   The host itself has a bunch of v4 and v6 addresses with port 80 in use
>   though. Are there any known issues with use_port_80? Does it use the
>   same address list as specified to hkp_address?
>
> Thanks,
> Phil
>
> _______________________________________________
> Sks-devel mailing list
> [email protected]
> https://lists.nongnu.org/mailman/listinfo/sks-devel
