Re: [Sks-devel] Implications of GDPR

From: Kristian Fiskerstrand
Subject: Re: [Sks-devel] Implications of GDPR
Date: Mon, 30 Apr 2018 14:12:55 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0

On 04/30/2018 01:59 PM, Andrew Gallagher wrote:
> Certificate validation may also be an issue, because many HTTPS pool
> members only have the pool SSL certificate - which won't validate in the
> normal manner when bypassing the pool round-robin.

The certs include CN and SANs for the keyserver, so it could still be
used in this scenario, actually. The SNI setups I've seen with deviating
handling use e.g. a letsencrypt cert when doing a direct keyserver request,
but that would still validate.

But you'd potentially also have issues with keydumps as well as split
pools serving different keyblocks depending on which server you hit - so
I believe the underlying question is more complex than just throwing
https on it, although it is certainly possible to do so.

Immediately it sounds like just increasing the overhead without much
value added though (the data is public anyways), but the whole GDPR is a
mess to begin with.

Kristian Fiskerstrand
Twitter: @krifisk
Public OpenPGP keyblock at hkp://
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
"Expect the best. Prepare for the worst. Capitalize on what comes."
(Zig Ziglar)

Attachment: signature.asc
Description: OpenPGP digital signature
