pool status page, not recognizing hkps

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

pool status page, not recognizing hkps

Paul Neuwirth
This is an OpenPGP/MIME signed message (RFC2440, RFC3156).

--=_MIME_CONTENT_BREAK_=_ESYVDRXTTLZGFRUADUKXAUICTLNKCYC_=
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline; filename="message.txt"
Content-Transfer-Encoding: quoted-printable

Hello,

my keyserver keyserver.swabian.net has also hkps enabled on port=20
443 since several months now.
But in the pool status page I do not see hkps enabled.
Do I miss a DNS entry? or is something different wrong with my setup?

Thank you

Paul

--=_MIME_CONTENT_BREAK_=_ESYVDRXTTLZGFRUADUKXAUICTLNKCYC_=
Content-Type: application/pgp-signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Topal (http://freshmeat.net/projects/topal)

iQIcBAEBAgAGBQJbFd77AAoJEIiaa+Y8YDPu2JgQAKevlE0EZ7TuZWZ/sy6/jUS4
pxkUXqXvEMaQ+J+5BcudZuoi81Owp4HZO/iV3gCTAgJdMo7Dc46eebI0BQyxxqTj
dn/xU7GwEzW8m+oFa2ylxrtB5DWLvyubgiUrzExFSCftJJ7mCfsUbkhqqtKxT9Cm
gi9Zy0EYQ3/q/fEDRALhyv9iPJ+mCjtJrgf9bYcFEONcDdo7OmZBKneilIDGnh19
ITBvm2Cx6Bh5f6Hx3kyvTPRxy5yP29KHJY7Eqdj98IjBAQ+FzNNrjXImqfx/9MkG
aVmg8g8I8fjTGk+dshkXyn83CS/BbZ0rgO0hKp5a+LQQPDUtQQt6ghL+NOsEIa1C
w3g4B+hvRJjxpJOvqgod8Up4iI9W69u8V94CshBJYaZM/Qg9oDFtWP0Tiblu1Wm4
Ns/05yBHY3JRYnplbl2xlVt22Cw51h9R25mNpej+35a/qYxNn0HEPOhJkUw6FEbD
nXwu88y4kiPhK7dn/jGVcTwskEDeOTnHNbBCvCQ+7p1os7L13FLHkgI2clpl88lT
DIINCgi45/Un4Wiqsltoos6KVXr/RsIdrbhx/GDJErUwe6lZ/oqpFN4pCd9oen6Z
PSC6xlBNWQYwr4DEoaX+O7xNggkp+TBij/PQWuu0MufQSoZjPBy7WEg33MlmzheO
mt/9okUPD1GOe2gMyTc9
=d8lS
-----END PGP SIGNATURE-----

--=_MIME_CONTENT_BREAK_=_ESYVDRXTTLZGFRUADUKXAUICTLNKCYC_=--

_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel
Reply | Threaded
Open this post in threaded view
|

Re: pool status page, not recognizing hkps

Moritz Wirth-2
This is a pool containing only servers available using hkps. Regular A
and AAAA and SRV records are included for port 443 servers, and a lookup
is performed for _pgpkey-https._tcp on the individual servers to
determine if a hkps enabled service is listening on another port. At
this point, however, servers not running on port 443 are not included.
This pool only include servers that have been certified by the
sks-keyservers.net CA, of which the certificate can be found at
https://sks-keyservers.net/sks-keyservers.netCA.pem

https://sks-keyservers.net/overview-of-pools.php

Am 05.06.18 um 02:53 schrieb Paul Neuwirth:

> This is an OpenPGP/MIME signed message (RFC2440, RFC3156).
>
> --=_MIME_CONTENT_BREAK_=_ESYVDRXTTLZGFRUADUKXAUICTLNKCYC_=
> Content-Type: text/plain; charset="utf-8"
> Content-Disposition: inline; filename="message.txt"
> Content-Transfer-Encoding: quoted-printable
>
> Hello,
>
> my keyserver keyserver.swabian.net has also hkps enabled on port=20
> 443 since several months now.
> But in the pool status page I do not see hkps enabled.
> Do I miss a DNS entry? or is something different wrong with my setup?
>
> Thank you
>
> Paul
>
> --=_MIME_CONTENT_BREAK_=_ESYVDRXTTLZGFRUADUKXAUICTLNKCYC_=
> Content-Type: application/pgp-signature
> Content-Disposition: attachment; filename="signature.asc"
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
> Comment: Topal (http://freshmeat.net/projects/topal)
>
> iQIcBAEBAgAGBQJbFd77AAoJEIiaa+Y8YDPu2JgQAKevlE0EZ7TuZWZ/sy6/jUS4
> pxkUXqXvEMaQ+J+5BcudZuoi81Owp4HZO/iV3gCTAgJdMo7Dc46eebI0BQyxxqTj
> dn/xU7GwEzW8m+oFa2ylxrtB5DWLvyubgiUrzExFSCftJJ7mCfsUbkhqqtKxT9Cm
> gi9Zy0EYQ3/q/fEDRALhyv9iPJ+mCjtJrgf9bYcFEONcDdo7OmZBKneilIDGnh19
> ITBvm2Cx6Bh5f6Hx3kyvTPRxy5yP29KHJY7Eqdj98IjBAQ+FzNNrjXImqfx/9MkG
> aVmg8g8I8fjTGk+dshkXyn83CS/BbZ0rgO0hKp5a+LQQPDUtQQt6ghL+NOsEIa1C
> w3g4B+hvRJjxpJOvqgod8Up4iI9W69u8V94CshBJYaZM/Qg9oDFtWP0Tiblu1Wm4
> Ns/05yBHY3JRYnplbl2xlVt22Cw51h9R25mNpej+35a/qYxNn0HEPOhJkUw6FEbD
> nXwu88y4kiPhK7dn/jGVcTwskEDeOTnHNbBCvCQ+7p1os7L13FLHkgI2clpl88lT
> DIINCgi45/Un4Wiqsltoos6KVXr/RsIdrbhx/GDJErUwe6lZ/oqpFN4pCd9oen6Z
> PSC6xlBNWQYwr4DEoaX+O7xNggkp+TBij/PQWuu0MufQSoZjPBy7WEg33MlmzheO
> mt/9okUPD1GOe2gMyTc9
> =d8lS
> -----END PGP SIGNATURE-----
>
> --=_MIME_CONTENT_BREAK_=_ESYVDRXTTLZGFRUADUKXAUICTLNKCYC_=--
>
> _______________________________________________
> Sks-devel mailing list
> [hidden email]
> https://lists.nongnu.org/mailman/listinfo/sks-devel


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc (876 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: pool status page, not recognizing hkps

Phil Pennock-17
In reply to this post by Paul Neuwirth
On 2018-06-05 at 02:53 +0200, Paul Neuwirth wrote:
> my keyserver keyserver.swabian.net has also hkps enabled on port=20
> 443 since several months now.
> But in the pool status page I do not see hkps enabled.
> Do I miss a DNS entry? or is something different wrong with my setup?

https://bitbucket.org/skskeyserver/sks-keyserver/wiki/TLS%20Configuration

I've updated it to be clearer about the need for manual action to join
the pool and to link to the instructions for doing so.

-Phil

_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel
Reply | Threaded
Open this post in threaded view
|

Re: pool status page, not recognizing hkps

Gabor Kiss
On Tue, 5 Jun 2018, Phil Pennock wrote:

> https://bitbucket.org/skskeyserver/sks-keyserver/wiki/TLS%20Configuration
>
> I've updated it to be clearer about the need for manual action to join
> the pool and to link to the instructions for doing so.

| In practice, there's one well-run HKPS pool, which has pretty much defined
| the semantics of HKP/TLS operation. This is run by Kristian Fiskerstrand in
| Norway, and details of that pool's root CA are available at
| https://sks-keyservers.net/verify_tls.php. To have your server join this
| pool, read https://sks-keyservers.net/overview-of-pools.php#pool_hkps and
| follow the instructions there.

The only problem that Kristian has no time to care with certificate requests.
We should talk about an other way of establishing HKPS pool.

Gabor

_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel