HTTPS keyservers (with SSL-keys recording)

Miroslav Rovis miro.rovis at croatiafidelis.hr
Thu Mar 16 06:55:56 CET 2017


On 170315-16:46+0100, Werner Koch wrote:
> On Wed, 15 Mar 2017 10:14, miro.rovis at croatiafidelis.hr said:
> 
> > keyserver hkps.pool.sks-keyservers.net:443
> 
> I guess we should better default to hkps:// if a scheme is not given.
which is, IIUC, HTTPS key protocol, like hkp:// is HTTP key protocol.

> I have not checked whether this is already the case.
No, it's not implemented, or if it is, it's not by default in my Gentoo.
But if it's local configuration, I'm not an expert to know what to
configure to get it implemented.
 
> > I record SSL-keys all the time, and I believe every communication
> > in/with my machine must be permitted by me, and open to my inspection,
> 
> I didn't understand the need for recording session keys - in general we
> try hard not to leave any trace of session keys.
How do you solve issues that arise then? How do you guard your system if
you don't have an option to inspect what is happening in your system?
There's no defence generally without knowing what happens on your turf,
not really, ever!

> BTW, we should not use the term SSL anymore.
BTW, my original title to that Youtube-dl issue contained SSL-key, not
TLS-key recording, the maintainer there changed that title...

It's very hard for me to contradict someone of your format, Werner, but
other smart people say the name change has been purely political,
without any technical merit to it... So allow me to point you to others
that contradict you, and IMO rebellion against senseless practices is a
good thing(TM):

https://wiki.wireshark.org/SSL
and if you try:
https://wiki.wireshark.org/TLS
you get "This page does not exist yet."

> 
> Shalom-Salam,
Peace!

>    Werner
> 
> -- 
> Thoughts are free.  Exceptions are regulated by a federal law.

I would like to learn to write, read and speak German... But no
time for now...
(I like German, and German-speaking nations, culture and way of life a
lot.)

Sincere respect and regards to you and your team!
-- 
Miroslav Rovis
Zagreb, Croatia
https://www.CroatiaFidelis.hr