On 2012-10-05 at 20:48 +0200, Kristian Fiskerstrand wrote:
> Just to inform that I've added a new hkps subpool to the list of options.
>
> Regular A and AAAA and SRV records are included for port 443 servers,
> and a lookup is performed for _pgpkey-https._tcp on the individual
> servers to determine if a hkps enabled service is listening on another
> port, in which case this is included as a SRV record also in the pool
> (but not as an A or AAAA record).

I get results from:

  dig -t a hkps.pool.sks-keyservers.net
  dig -t srv _pgpkey-https._tcp.hkps.pool.sks-keyservers.net

but not from:

  dig -t aaaa hkps.pool.sks-keyservers.net

(NOERROR, with AUTHORITY section, so just looks as though there are no
AAAA records configured).

Is this just the pool being size-limited in records and happening to
currently only include A records?

> This pool likely needs the keyserver option set to no-check-cert to
> function as expected.

Speaking for myself, I only use TLSv1+ and my nginx is built with SNI
support, so if you want to figure out a policy for handing out certs, I
can add a new cert for SNI hostnames in *.pool.sks-keyservers.net.

-Phil
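
The record layout described in the quoted announcement, as an added example (not code from the pool operator or the SKS project): it models the stated rule that port 443 servers get A, AAAA and SRV records while hkps servers on other ports get SRV only. The `Server` type, the host names, addresses and ports are constructed, and how the real pool discovers each server's port is an assumption.

```python
from dataclasses import dataclass, field
from typing import List, Optional

POOL = "hkps.pool.sks-keyservers.net"
SRV_NAME = "_pgpkey-https._tcp." + POOL


@dataclass
class Server:
    host: str
    # Port found for the server's hkps service (assumed to come from its
    # own _pgpkey-https._tcp lookup or a port 443 check); None = no hkps.
    hkps_port: Optional[int]
    ipv4: List[str] = field(default_factory=list)
    ipv6: List[str] = field(default_factory=list)


def build_pool(servers):
    """Apply the quoted rule: SRV for every hkps server, A/AAAA only for port 443."""
    records = {"A": [], "AAAA": [], "SRV": []}
    for s in servers:
        if s.hkps_port is None:
            continue
        records["SRV"].append((SRV_NAME, s.hkps_port, s.host))
        if s.hkps_port == 443:
            records["A"] += [(POOL, addr) for addr in s.ipv4]
            records["AAAA"] += [(POOL, addr) for addr in s.ipv6]
    return records


def reachable_ports(records, srv_aware):
    """Ports a client can end up on: SRV targets if it resolves SRV, else 443 via A/AAAA."""
    if srv_aware:
        return sorted({port for _, port, _ in records["SRV"]})
    return [443] if records["A"] or records["AAAA"] else []


# Constructed sample data (documentation address ranges, made-up hosts).
SAMPLE = [
    Server("ks-a.example.net", 443, ipv4=["192.0.2.10"]),
    Server("ks-b.example.net", 8443, ipv4=["192.0.2.20"], ipv6=["2001:db8::20"]),
    Server("ks-c.example.net", None, ipv4=["192.0.2.30"], ipv6=["2001:db8::30"]),
]

if __name__ == "__main__":
    pool = build_pool(SAMPLE)
    for rtype, rows in pool.items():
        print(rtype, rows)
    print("SRV-aware client ports:", reachable_ports(pool, True))
    print("A/AAAA-only client ports:", reachable_ports(pool, False))
```

In this constructed pool the A and SRV queries return data while the AAAA set is empty, because the only IPv6-capable hkps server listens on a non-443 port and is therefore published as SRV only.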
