Questions about OpenPGP best practices

Kristian Fiskerstrand kristian.fiskerstrand at sumptuouscapital.com
Thu Feb 28 18:33:11 CET 2013



Hi Mark,

A belated answer to this email, as I'm reading through the backlog of
emails.

On 02/26/2013 03:43 PM, Mark H. Wood wrote:
> On Mon, Feb 25, 2013 at 05:54:34PM -0500, Peter Loshin wrote:
>> 3. On using a keyserver with HKPS support: when I attempt to
>> connect (via Chrome) to https://sks-keyservers.net/, I get an
>> error headlined "The site's security certificate is not
>> trusted!", stating "the server presented a certificate issued by
>> an entity that is not trusted by your computer's operating
>> system."

... this part is already answered by Daniel; for a service that
specifically targets the OpenPGP community, I consider using the
OpenPGP WoT more appropriate than any CA Corporation.

>> 4. When I try to use hkps://sks-keyservers.net with GnuPG at the 
>> command line, I get these messages:

Note that you're trying to connect to my webserver; all the pools are
under the "pool" subdomain. HKPS defaults to port 443 and as such this
request corresponds to the HTTPS-enabled website.


>> And when I try the same with the domain name only
>> (sks-keyservers.net) I get these messages:

...

>> 
>> : can't connect to `sks-keyservers.net': No route to host 
>> gpgkeys: HTTP post error 7: couldn't connect: No route to host 
>> gpg: keyserver internal error gpg: keyserver send failed:
>> Keyserver error
> 
> The site doesn't want unencrypted connections, and the way they
> enforce this is by returning "no route" to requests for connection
> to port 80.  I would have used "administratively prohibited", to
> give real users a clue, but they may be trying to be less visible
> to 'bots.
> 

See above, you're trying to talk to my webserver rather than any SKS
server, this time on port 11371.


-- 
----------------------------
Kristian Fiskerstrand
Twitter: @krifisk
----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Aquila non capit muscas
The eagle does not hunt flies
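
Added example, not part of the original post and not GnuPG's own code: a small Python check of which host and port a keyserver setting ends up on, following the explanation in the message above. The function names are hypothetical, and treating a bare hostname as hkp:// is an assumption that matches the port 11371 attempt described in the thread.

```python
from urllib.parse import urlsplit

# HKPS -> 443 is stated in the post; 11371 is the port the bare-hostname
# (plain HKP) attempt in the post ended up on.
DEFAULT_PORTS = {"hkp": 11371, "hkps": 443}
POOL_SUFFIX = "pool.sks-keyservers.net"  # pool subdomain named in the post


def resolve_keyserver(spec):
    """Return (scheme, host, port) that a keyserver setting resolves to.

    Assumption: a bare hostname is treated as plain hkp://.
    """
    if "://" not in spec:
        spec = "hkp://" + spec
    parts = urlsplit(spec)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported keyserver scheme: {scheme!r}")
    if not parts.hostname:
        raise ValueError("keyserver setting has no host")
    # An explicit port in the setting overrides the scheme default.
    return scheme, parts.hostname, parts.port or DEFAULT_PORTS[scheme]


def check_keyserver(spec):
    """Return (scheme, host, port, findings) for a keyserver setting."""
    scheme, host, port = resolve_keyserver(spec)
    findings = []
    if host != POOL_SUFFIX and not host.endswith("." + POOL_SUFFIX):
        findings.append(f"{host} is not under {POOL_SUFFIX}: not an SKS pool")
        if port == 443:
            findings.append("port 443 on this host is the HTTPS website")
    if scheme == "hkp":
        findings.append("plain hkp: traffic to the keyserver is unencrypted")
    return scheme, host, port, findings


if __name__ == "__main__":
    # The two settings tried in the thread, plus the pool address from the
    # signature block of the reply.
    for setting in ("hkps://sks-keyservers.net", "sks-keyservers.net",
                    "hkp://pool.sks-keyservers.net"):
        scheme, host, port, findings = check_keyserver(setting)
        print(f"{setting} -> {scheme}://{host}:{port}")
        for finding in findings:
            print(f"  - {finding}")
```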


