On 10/08/2012 11:08 PM, Phil Pennock wrote:
> On 2012-10-08 at 23:01 +0200, Kristian Fiskerstrand wrote:
>> That seems like another bug to add to the SRV port not being used for
>> SRV handling. Are you sending it over to gnupg-{users,devel}?
>
> I just filed a bug:
>
> https://bugs.g10code.com/gnupg/issue1447
>
>> I'll have to remove the SRV record for keys.kfwebs.net for the pool to
>> function correctly at the moment, as this is not handled. But that bug
>> has already been reported upstream.
>>
>> Any thoughts on how I should proceed? Should I disable the cert check in
>> my crawler so that all hkps servers show up for now until some more of
>> the server operators (presuming they want to) generate CSRs, or, given
>> the young nature of this pool, would it be OK to just grow organically?
>
> I think we should leave the cert check in, _if_ you can ensure that
> you're sending SNI of "hkps.sks-keyservers.net", to retrieve the correct
> cert from the server.
>
> Then let it grow, and note that this pool is only going to be usable
> with bug-fixed GnuPG.Well, unless we adhere to the bug itself and remove the SRV record, which isn't strictly necessary for the standard port. -- ---------------------------- Kristian Fiskerstrand http://www.sumptuouscapital.com Twitter: @krifisk ---------------------------- "Great things are not accomplished by those who yield to trends and fads and popular opinion." (Jack Kerouac) ---------------------------- This email was digitally signed using the OpenPGP standard. If you want to read more about this The book: Sending Emails - The Safe Way: An introduction to OpenPGP security is available in both Amazon Kindle and Paperback format at http://www.amazon.com/dp/B006RSG1S4/ ---------------------------- Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Sks-devel mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/sks-devel
