hkps port
David Shaw
dshaw at jabberwocky.com
Thu Apr 2 13:26:27 CEST 2009
On Apr 2, 2009, at 5:33 AM, Werner Koch wrote:
> On Thu, 2 Apr 2009 04:51, dshaw at jabberwocky.com said:
>
>> After some pondering about the proper port for hkps, I think that 443
>> makes the most sense (in other words, use the same port number as
>> https). The reality is that there was never a particular reason why
>> regular hkp needed to be on port 11371. The protocol is really http,
>
> That is true for HTTP but not for HTTPS. Using 443 for hkps usually
> requires the use of a separate IP adress - something I really like to
> avoid. Another port also allow the use of a differentserver
> certificate.
I know. It's a messy situation, and there is no really good answer
for all the problems. Some sites can *only* connect over 443 because
of firewalling rules. I'm rather liking Phil's SRV suggestion at the
moment. If nothing else, it lets server operators pick what they want
for whatever internal reasons they want (firewall support, certificate
issues, IP issues), and just tell the client where to find things.
David
More information about the Gnupg-devel
mailing list