On 2012-10-08 at 23:01 +0200, Kristian Fiskerstrand wrote:
> That seems like another bug to add to the SRV port not being used for
> SRV handling. Are you sending it over to gnupg-{users,devel}?I just filed a bug: https://bugs.g10code.com/gnupg/issue1447 > I'll have to remove the SRV record for keys.kfwebs.net for the pool to > function correctly at the moment, as this is not handled. But that bug > has already been reported upstream. > > Any thoughts on how I should proceed? Should I disable the cert check in > my crawler so that all hkps servers show up for now until some more of > the server operators (presuming they want to) generate CSRs, or, given > the young nature of this pool, would it be OK to just grow organically? I think we should leave the cert check in, _if_ you can ensure that you're sending SNI of "hkps.sks-keyservers.net", to retrieve the correct cert from the server. Then let it grow, and note that this pool is only going to be usable with bug-fixed GnuPG. -Phil
pgpeWDxYgQGoK.pgp
Description: PGP signature
_______________________________________________ Sks-devel mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/sks-devel
