Re: [Sks-devel] redirect http to https?

From: Jonathon Weiss
Subject: Re: [Sks-devel] redirect http to https?
Date: Thu, 21 Aug 2014 16:53:48 -0400

Just for the record, my question was prompted by a user who sent mail to the 
contact point for, and not by anything I saw on this list.


Matthias Schreiber <address@hidden> wrote:

> As this is obviously referring to my post, I would like to clarify a
> few things in order to avoid further confusion/misunderstandings:
> I never suggested to redirect http connections to https (you and
> Kristian already pointed the problems on the client-side out) and I
> never pushed people towards encryption.
> What I did was to set up my key server in order to offer hkps
> connections. I saw the other ongoing post related to protocols and
> cipher suites and wanted to learn how the others in the hkps pool
> realized their web server configurations. I used the mentioned web
> tool and saw that a smaller part of that pool had insecure and/or weak
> settings related to SSL. I posted a rough summary in order to help to
> improve or harden (or whatever you might say) the hkps service on
> these servers. As I'm very limited with regard to programming skills
> etc. I saw this as a chance to give back at least something small to
> the community. From my point of view, if a certain pool of key servers
> wants to offer hkps then it would be preferable if they would do it
> with "state-of-the-art" implementations, protocols and cipher suites.
> That was the intention of my post. Nothing more, nothing less.
> And regarding the upcoming question related to threat models etc.,
> Phil was so kind to write a comprehensive post worth reading, which
> increased (I guess not only) my understanding of the topic.
> Thank you for your time,
> Matthias
> On 19.08.2014 23:39, Jonathon Weiss wrote:
> > 
> > So, a user suggested that we should redirect all http connections
> > to https.  The user was clearly confused in a number of ways about
> > how the keyservers worked, and his specific examples of why it was
> > important were incorrect.  That said, there's clearly at least a
> > little value in pushing people toward encryption.
> > 
> > So, I was wondering.  Has anyone done this?  Are there concerns
> > about (non-browser) clients using hkp but not supporting re-directs
> > or hkps, who would then be unable to use our server?  I suppose I
> > could consider leaving port 11371 as is, but force re-directs on
> > port 80.  That would probably satisfy the clueless masses on the
> > internet, but would it eliminate any risk of breakage?
> > 
> > Jonathon
> > 
> > Jonathon Weiss <address@hidden> MIT/IS&T/O&I  Server Operations