Desperately Seeking Kristian - SKS HKPS certificate renewals

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
12 messages Options
Reply | Threaded
Open this post in threaded view
|

Desperately Seeking Kristian - SKS HKPS certificate renewals

Todd Fleisher
Hi all,
Has anyone seen or heard from Kristian in the last month or so? I’ve reached out several times off list about the upcoming expiration of my server’s certificate for the HKPS pool but have not received any response. My certificate expires in 10 days, at which point I will no longer be able to serve requests for hkps.pool.sks-keyservers.net and will have to generate my own certificate so other clients can continue to securely access my server directly. Also, the SKS HKPS certificates of the only other servers in the pool expire in 36 days. If new certificates are not minted by that time the SKS HKPS pool will become defunct. If anyone has other channels by which to reach Kristian, please use them to reach out and make sure he is OK & aware of this impending issue.

SSL WARNING - Certificate 'sks.pod02.fleetstreetops.com' expires in 10 day(s) (2020-06-22 09:47 -0700/PDT).
SSL WARNING - Certificate 'pgpkeys.uk' expires in 36 day(s) (2020-07-17 11:43 -0700/PDT).
SSL WARNING - Certificate 'pgpkeys.eu' expires in 36 day(s) (2020-07-17 11:42 -0700/PDT).
SSL WARNING - Certificate 'pgpkeys.co.uk' expires in 36 day(s) (2020-07-17 11:41 -0700/PDT).

-T


signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Desperately Seeking Kristian - SKS HKPS certificate renewals

Gabor Kiss
On Thu, 11 Jun 2020, Todd Fleisher wrote:

> Has anyone seen or heard from Kristian in the last month or so? I?ve reached

> SKS HKPS pool will become defunct. If anyone has other channels by which to
> reach Kristian, please use them to reach out and make sure he is OK & aware
> of this impending issue.

https://mobile.twitter.com/krifisk

Gabor

Reply | Threaded
Open this post in threaded view
|

Re: Desperately Seeking Kristian - SKS HKPS certificate renewals

Todd Fleisher
Thanks for the suggestion, Gabor. He doesn’t appear to have been active there since last summer, but it can’t hurt to try.

-T

> On Jun 11, 2020, at 21:19, Gabor Kiss <[hidden email]> wrote:
>
> On Thu, 11 Jun 2020, Todd Fleisher wrote:
>
>> Has anyone seen or heard from Kristian in the last month or so? I?ve reached
>
>> SKS HKPS pool will become defunct. If anyone has other channels by which to
>> reach Kristian, please use them to reach out and make sure he is OK & aware
>> of this impending issue.
>
> https://mobile.twitter.com/krifisk
>
> Gabor
>


signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Desperately Seeking Kristian - SKS HKPS certificate renewals

Chris Kuethe
If only there was some way to establish trust (secrecy, authenticity, integrity) relationships in a distributed manner, rather than relying on a small pool of third parties who might suddenly become unavailable... 🤔😂

On Fri, Jun 12, 2020 at 10:39 AM Todd Fleisher <[hidden email]> wrote:
Thanks for the suggestion, Gabor. He doesn’t appear to have been active there since last summer, but it can’t hurt to try.

-T

> On Jun 11, 2020, at 21:19, Gabor Kiss <[hidden email]> wrote:
>
> On Thu, 11 Jun 2020, Todd Fleisher wrote:
>
>> Has anyone seen or heard from Kristian in the last month or so? I?ve reached
>
>> SKS HKPS pool will become defunct. If anyone has other channels by which to
>> reach Kristian, please use them to reach out and make sure he is OK & aware
>> of this impending issue.
>
> https://mobile.twitter.com/krifisk
>
> Gabor
>



--
GDB has a 'break' feature; why doesn't it have 'fix' too?
Reply | Threaded
Open this post in threaded view
|

Re: Desperately Seeking Kristian - SKS HKPS certificate renewals

Gabor Kiss
In reply to this post by Todd Fleisher
On Fri, 12 Jun 2020, Todd Fleisher wrote:

> Thanks for the suggestion, Gabor. He doesn?t appear to have been active there since last summer, but it can?t hurt to try.

Ooops... I thougth these are fresh posts. I missed the year. :-(
Sorry for the line noise.

Gabor

Reply | Threaded
Open this post in threaded view
|

Re: Desperately Seeking Kristian - SKS HKPS certificate renewals

Philihp Busby
In reply to this post by Chris Kuethe
If only 😂

On 2020-06-12T10:53:35-0700 Chris Kuethe <[hidden email]> wrote 2.9K bytes:

> If only there was some way to establish trust (secrecy, authenticity,
> integrity) relationships in a distributed manner, rather than relying on a
> small pool of third parties who might suddenly become unavailable... 🤔😂
>
> On Fri, Jun 12, 2020 at 10:39 AM Todd Fleisher <[hidden email]>
> wrote:
>
> > Thanks for the suggestion, Gabor. He doesn’t appear to have been active
> > there since last summer, but it can’t hurt to try.
> >
> > -T
> >
> > > On Jun 11, 2020, at 21:19, Gabor Kiss <[hidden email]> wrote:
> > >
> > > On Thu, 11 Jun 2020, Todd Fleisher wrote:
> > >
> > >> Has anyone seen or heard from Kristian in the last month or so? I?ve
> > reached
> > >
> > >> SKS HKPS pool will become defunct. If anyone has other channels by
> > which to
> > >> reach Kristian, please use them to reach out and make sure he is OK &
> > aware
> > >> of this impending issue.
> > >
> > > https://mobile.twitter.com/krifisk
> > >
> > > Gabor
> > >
> >
> >
>
> --
> GDB has a 'break' feature; why doesn't it have 'fix' too?

signature.asc (885 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Desperately Seeking Kristian - SKS HKPS certificate renewals

Todd Fleisher
In reply to this post by Todd Fleisher
FYI - the SKS certificate for sks.pod02.fleetstreetops.com has now expired and been replaced with a standard SSL certificate from Let’s Encrypt as of 1646 UTC. As such, it will no longer be able to field requests for the hkps.pool.sks-keyservers.net CNAME. While I was writing this I see the DNS CNAME has updated so I should stop receiving requests I cannot service without a new certificate.

25 days until Dan Austin’s certificates expire on the remaining nodes in the pool.

-T

On Jun 11, 2020, at 11:13, Todd Fleisher <[hidden email]> wrote:

Hi all,
Has anyone seen or heard from Kristian in the last month or so? I’ve reached out several times off list about the upcoming expiration of my server’s certificate for the HKPS pool but have not received any response. My certificate expires in 10 days, at which point I will no longer be able to serve requests for hkps.pool.sks-keyservers.net and will have to generate my own certificate so other clients can continue to securely access my server directly. Also, the SKS HKPS certificates of the only other servers in the pool expire in 36 days. If new certificates are not minted by that time the SKS HKPS pool will become defunct. If anyone has other channels by which to reach Kristian, please use them to reach out and make sure he is OK & aware of this impending issue.

SSL WARNING - Certificate 'sks.pod02.fleetstreetops.com' expires in 10 day(s) (2020-06-22 09:47 -0700/PDT).
SSL WARNING - Certificate 'pgpkeys.uk' expires in 36 day(s) (2020-07-17 11:43 -0700/PDT).
SSL WARNING - Certificate 'pgpkeys.eu' expires in 36 day(s) (2020-07-17 11:42 -0700/PDT).
SSL WARNING - Certificate 'pgpkeys.co.uk' expires in 36 day(s) (2020-07-17 11:41 -0700/PDT).

-T



signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Desperately Seeking Kristian - SKS HKPS certificate renewals

Stephan Brunner
Hey,

maybe you can try your luck on facebook:
        https://www.facebook.com/kristian.fiskerstrand

Seems he was last active in late march... Can't guarantee that it really
is him, but as a last resort it could help...

-Stephan

On 22.06.20 19:55, Todd Fleisher wrote:

> FYI - the SKS certificate for sks.pod02.fleetstreetops.com
> <http://sks.pod02.fleetstreetops.com> has now expired and been replaced
> with a standard SSL certificate from Let’s Encrypt as of 1646 UTC. As
> such, it will no longer be able to field requests for
> the hkps.pool.sks-keyservers.net <http://hkps.pool.sks-keyservers.net>
> CNAME. While I was writing this I see the DNS CNAME has updated so I
> should stop receiving requests I cannot service without a new certificate.
>
> 25 days until Dan Austin’s certificates expire on the remaining nodes in
> the pool.
>
> -T
>
>> On Jun 11, 2020, at 11:13, Todd Fleisher <[hidden email]
>> <mailto:[hidden email]>> wrote:
>>
>> Hi all,
>> Has anyone seen or heard from Kristian in the last month or so? I’ve
>> reached out several times off list about the upcoming expiration of my
>> server’s certificate for the HKPS pool but have not received any
>> response. My certificate expires in 10 days, at which point I will no
>> longer be able to serve requests for hkps.pool.sks-keyservers.net
>> <http://hkps.pool.sks-keyservers.net/> and will have to generate my
>> own certificate so other clients can continue to securely access my
>> server directly. Also, the SKS HKPS certificates of the only other
>> servers in the pool expire in 36 days. If new certificates are not
>> minted by that time the SKS HKPS pool will become defunct. If anyone
>> has other channels by which to reach Kristian, please use them to
>> reach out and make sure he is OK & aware of this impending issue.
>>
>>     SSL WARNING - Certificate 'sks.pod02.fleetstreetops.com
>>     <http://sks.pod02.fleetstreetops.com/>' expires in 10 day(s)
>>     (2020-06-22 09:47 -0700/PDT).
>>     SSL WARNING - Certificate 'pgpkeys.uk <http://pgpkeys.uk/>'
>>     expires in 36 day(s) (2020-07-17 11:43 -0700/PDT).
>>     SSL WARNING - Certificate 'pgpkeys.eu <http://pgpkeys.eu/>'
>>     expires in 36 day(s) (2020-07-17 11:42 -0700/PDT).
>>     SSL WARNING - Certificate 'pgpkeys.co.uk <http://pgpkeys.co.uk/>'
>>     expires in 36 day(s) (2020-07-17 11:41 -0700/PDT).
>>
>>
>> -T
>>
>


signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Desperately Seeking Kristian - SKS HKPS certificate renewals

Kristian Fiskerstrand-6
On 23.06.2020 09:24, Stephan Brunner wrote:
> Hey,
>
> maybe you can try your luck on facebook:
> https://www.facebook.com/kristian.fiskerstrand
>
> Seems he was last active in late march... Can't guarantee that it really
> is him, but as a last resort it could help..

Thats me, but I'm around here, just focusing on everything else than
computers lately, sorry about that (but it has really been nice..)

Will get around to issuing a new certificate for you (todd) later today
or tomorrow.

(p.s , as for expired openpgp cert it was sent to sks network, but
should also be avalable fresh copy through wkd)
--
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Corruptissima re publica plurimæ leges
The greater the degeneration of the republic, the more of its laws


signature.asc (499 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Desperately Seeking Kristian - SKS HKPS certificate renewals

Todd Fleisher
In reply to this post by Todd Fleisher
FYI - the SKS certificate for sks.pod02.fleetstreetops.com has now been renewed so it is back in service for the hkps.pool.sks-keyservers.net CNAME as of ~2138 UTC.

-T

On Jun 22, 2020, at 10:55, Todd Fleisher <[hidden email]> wrote:

FYI - the SKS certificate for sks.pod02.fleetstreetops.com has now expired and been replaced with a standard SSL certificate from Let’s Encrypt as of 1646 UTC. As such, it will no longer be able to field requests for the hkps.pool.sks-keyservers.net CNAME. While I was writing this I see the DNS CNAME has updated so I should stop receiving requests I cannot service without a new certificate.

25 days until Dan Austin’s certificates expire on the remaining nodes in the pool.

-T



signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Desperately Seeking Kristian - SKS HKPS certificate renewals

ygrek
In reply to this post by Kristian Fiskerstrand-6
Hi,

 there was a report of expired certificate: https://github.com/SKS-Keyserver/sks-keyserver/issues/81

--

Reply | Threaded
Open this post in threaded view
|

Re: Desperately Seeking Kristian - SKS HKPS certificate renewals

Todd Fleisher
I posted a reply noting it’s not clear from the GitHub issue whether they were trying to contact the HKPS pool or trying to access the non-HKPS pool with SSL. In the linked Endeavour thread, Ben mentions:

It appears to be an error with the SSL certificate of pool.sks-keyservers.net. The server is providing a certificate for pgp.ocf.berkeley.edu.

EDIT: The certificate is also expired.

That will never work, because pool.sks-keyservers.net only supports unencrypted connections when using the CNAME. Going to an individual server in the pool and trying to use HKPS/HTTPS (e.g. <a href="hkps://pgp.ocf.berkeley.edu" class="">hkps://pgp.ocf.berkeley.edu) might work on it’s own assuming it has a publicly trusted SSL certificate configured. And unless the OCF keyserver admins had to intervene an manually update it looks like their Lets Encrypt SSL certificate should have been valid 5 days ago when that thread was created as it was minted over a month prior on June 23, 2020.

-T

On Aug 2, 2020, at 22:33, ygrek <[hidden email]> wrote:

Hi,

there was a report of expired certificate: https://github.com/SKS-Keyserver/sks-keyserver/issues/81

--



signature.asc (849 bytes) Download Attachment