9front - general discussion about 9front
From: tlaronde@polynum.com
To: ori@eigenstate.org
Cc: 9front@9front.org
Subject: Re: [9front] patch smtp: ignore unrecognized certificates
Date: Mon, 20 Jul 2020 17:05:01 +0200
Message-ID: <20200720150501.GA1831@polynum.com>
In-Reply-To: <42C8297FB90A352B862FEB022164F6D9@eigenstate.org>

On Mon, Jul 20, 2020 at 07:52:04AM -0700, ori@eigenstate.org wrote:
> > It can be quite often. I have a certificate made via cacert.org for
> > example. And I have to renew it regularly. I think that
> > certificates with too long TTL are considered weak. So it's an
> > annoyance.
> 
> Hm. I see. Without some sort of check, anyone with a certificate
> can MITM. I wonder how crazy it'd be to implement certificate
> chain verification.

The problem is that if there is a chain, you need to trust the root you
finally end with. So whether this is a volunteer-based C.A. or a
professional paying one. It's kind of squaring the circle. The solution
is to maintain one's network with an iron fist in a lead glove (because
lead is malleable so you can hit heavily while protecting the iron) and
to not trust anything outside and to not have to care about how
untrustworthy the outside is... Well, this generally means kicking out
users...
-- 
        Thierry Laronde <tlaronde +AT+ polynum +dot+ com>
                     http://www.kergis.com/
                       http://www.sbfa.fr/
Key fingerprint = 0FF7 E906 FBAF FE95 FD89  250D 52B1 AE95 6006 F40C

