-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 08/19/2014 11:39 PM, Jonathon Weiss wrote: > > So, a user suggested that we should redirect all http connections > to https. The user was clearly confused in a number of ways about > how the keyservers worked, and his specific examples of why it was > important were incorrect. That said, there's clearly at least a > little value in pushing people toward encryption. > > So, I was wondering. Has anyone done this? Are there concerns > about (non-browser) clients using hkp but not supporting re-directs > or hkps, who would then be unable to use our server? I suppose I > could consider leaving port 11371 as is, but force re-directs on > port 80. That would probably satisfy the clueless masses on the > internet, but would it eliminate any risk of breakage?
I do not think redirecting on port 11371 is appropriate as using HKPS require supplemental configuration and is not guaranteed to be supported out of the box by all implementations. iirc there have been plenty of issues e.g. for debian users without the gnupg-curl package (i.e using curl-shim rather than a full curl linkage). I do not have control over which other clients are used, in particular in automated environments, where I suspect the number of breakage would be highest and most difficult to deal with. For port 80 you can do what you want (but the server will dispensary from the p80 sub-pool in such a case as it isn't actually serving content on port 80). - -- - ---------------------------- Kristian Fiskerstrand Blog: http://blog.sumptuouscapital.com Twitter: @krifisk - ---------------------------- Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 - ---------------------------- Nosce te ipsum! Know thyself! -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJT9EwEAAoJEPw7F94F4Tagd0MQALWcK36wQQmp2IrMw2RmEmHn fpJqXFHb2VljwqZSWSFCuIS3aag/MptzrWQJs2GMEwSadhipghSH3vzFj7k2EgKv PCjZ4a2IaY/4N6xq8TbdMA25c4cbVu+ZbHrL5/pH3YkycpeyFqEEWMV2S1lojAja A3VF8GLlIT30EjT228CN3f0RKV1OZSrYjZTMsWc/CxRWagpXO+qXf4dQ84XkZwOn n4SCff7nvc/P4FMCEL/xXhss4mbItWrhafec+zLPWmPQIwiLkKvVZ3wZ88My7xgZ xu4WKQeSnFX9HBOY8+GUKxM22CW0laI+woT+1HhhEkDsaK8lg5U81D+3L3vlZZXo gLUcfOiHMn0PwPOrxQet2r5E/mZJ0PdO8+RxLqSn5TlTqw04pe08aOGWvzcUEpDr 9HZvufvm4PuL2XZB3RFAaxCssRRRt2oCrJEIcY00dJWT0xGw/lpRK3VJI8fdTZXZ xLhVCsZZy5DRjpTlA9CsdDASq4MIWP1ONg9PXGaWXzZoWwwxzAhqFahg3eDIPvfI DuPuziU64AAE6k2ljtFJitCxnmHtCdWC1iuKxsoAJgifadGAOZhc8X+qLgujh9wH dnbZjWQq27NhAINR4aaJEodH5OqKsR1KTZutJaLmovONUI70YSbNBy62fez5ax9e RZ5s5BXMflk+9mSABKYK =y3St -----END PGP SIGNATURE----- _______________________________________________ Sks-devel mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/sks-devel
