Just for the record, the question was prompted by a user who sent mail to the contact point for pgp.mit.edu, and not by anything I saw on this list.

Jonathon

Matthias Schreiber <schreiber-ma...@web.de> wrote:
> As this is obviously referring to my post, I would like to clarify a
> few things in order to avoid further confusion/misunderstandings:
>
> I never suggested to redirect http connections to https (you and
> Kristian already pointed the problems on the client-side out) and I
> never pushed people towards encryption.
>
> What I did was to set up my key server in order to offer hkps
> connections. I saw the other ongoing post related to protocols and
> cipher suites and wanted to learn how the others in the hkps pool
> realized their web server configurations. I used the mentioned web
> tool and saw that a smaller part of that pool had insecure and/or weak
> settings related to SSL. I posted a rough summary in order to help to
> improve or harden (or whatever you might say) the hkps service on
> these servers. As I'm very limited with regard to programming skills
> etc. I saw this as a chance to give back at least something small to
> the community. From my point of view, if a certain pool of key servers
> wants to offer hkps then it would be preferable if they would do it
> with "state-of-the-art" implementations, protocols and cipher suites.
> That was the intention of my post. Nothing more, nothing less.
>
> And regarding the upcoming question related to threat models etc.,
> Phil was so kind to write a comprehensive post worth reading, which
> increased (I guess not only) my understanding of the topic.
>
> Thank you for your time,
> Matthias
>
> On 19.08.2014 23:39, Jonathon Weiss wrote:
> >
> > So, a user suggested that we should redirect all http connections
> > to https. The user was clearly confused in a number of ways about
> > how the keyservers worked, and his specific examples of why it was
> > important were incorrect. That said, there's clearly at least a
> > little value in pushing people toward encryption.
> >
> > So, I was wondering. Has anyone done this? Are there concerns
> > about (non-browser) clients using hkp but not supporting re-directs
> > or hkps, who would then be unable to use our server? I suppose I
> > could consider leaving port 11371 as is, but force re-directs on
> > port 80. That would probably satisfy the clueless masses on the
> > internet, but would it eliminate any risk of breakage?
> >
> > Jonathon
> >
> > Jonathon Weiss <jwe...@mit.edu> MIT/IS&T/O&I Server Operations
> >
> > _______________________________________________
> > Sks-devel mailing list
> > Sks-devel@nongnu.org
> > https://lists.nongnu.org/mailman/listinfo/sks-devel