From: Ted Zlatanov <tzz@lifelogs.com>
To: ding@gnus.org
Subject: Re: SSL certificate issues for git.gnus.org
Date: Mon, 28 Feb 2011 13:33:44 -0600 [thread overview]
Message-ID: <8739n80x9j.fsf@lifelogs.com> (raw)
In-Reply-To: <87wrknlnz4.fsf@topper.koldfront.dk>
On Fri, 25 Feb 2011 23:59:43 +0100 asjo@koldfront.dk (Adam Sjøgren) wrote:
AS> On Fri, 25 Feb 2011 16:54:01 -0600, Ted wrote:
AS> How is SSL using a self-signed certificate insecure?
>> Users have to either import the certificate initially or disable
>> http.sslVerify. Neither is as secure as a valid certificate chain with
>> a CA bundle that's already installed, although the former is better of
>> course.
AS> The only difference in security is whatever confirmation of identity the
AS> organisation signing the certificate performs, right?
You're talking about abstract security, as a signing process. I'm
saying the *user* has to either import the self-signed certificate off
the website and hope it's not compromised or he has to disable
http.sslVerify.
Furthermore, a self-signed certificate looks unprofessional. It's
better to set up a CA or to use a well-known one. savannah.gnu.org
thinks so too and uses CAcert:
http://savannah.gnu.org/tls/
This actually connects to some questions I had about Emacs' built-in
certificates when I worked on GnuTLS support. But neither the GNU
project nor the FSF seem to have a policy in this regard so we default
to whatever certificates the OS trusts.
On Sat, 26 Feb 2011 08:51:30 +0100 Julien Danjou <julien@danjou.info> wrote:
JD> I hate this certificate business which brings nothing if just money
JD> to bad companies.
I respectfully disagree. The current prices on the major sellers are
certainly ridiculous but there are many reasonable and even free ones.
On Sat, 26 Feb 2011 15:59:53 +0100 Steinar Bang <sb@dod.no> wrote:
>>>>>> asjo@koldfront.dk (Adam Sjøgren):
>> ... and some good *coughUbuntucough*
SB> I'm not sure, but I think they also support http://cacert.org as a CA,
SB> like debian does...?
Debian does, but Ubuntu doesn't, unfortunately. See
http://wiki.cacert.org/InclusionStatus
Ted
next prev parent reply other threads:[~2011-02-28 19:33 UTC|newest]
Thread overview: 108+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-04-12 2:25 Gnus Git repository info and comitters: need updated password Ted Zlatanov
2010-04-12 8:31 ` David Engster
2010-04-12 10:20 ` Adam Sjøgren
2010-04-12 17:36 ` Andreas Schwab
2010-04-12 17:52 ` Ted Zlatanov
2010-04-12 18:57 ` Andreas Schwab
2010-04-14 10:38 ` Ted Zlatanov
2010-04-14 11:24 ` Andreas Schwab
2010-04-14 13:10 ` Ted Zlatanov
2010-04-14 16:59 ` Andreas Schwab
2010-04-15 3:07 ` Ted Zlatanov
2010-04-15 7:57 ` Andreas Schwab
2010-04-12 17:27 ` Andreas Schwab
2010-04-12 17:49 ` Ted Zlatanov
2010-04-12 18:29 ` Bjørn Mork
2010-04-12 19:01 ` Ted Zlatanov
2010-04-12 18:53 ` Andreas Schwab
2010-04-12 19:12 ` Andreas Schwab
2010-04-12 19:18 ` Ted Zlatanov
2010-04-12 19:29 ` Andreas Schwab
[not found] ` <87bpdpgsj9.fsf@gate450.dyndns.org>
2010-04-14 11:07 ` Ted Zlatanov
2010-04-14 11:34 ` Romain Francoise
2010-04-15 6:50 ` Katsumi Yamaoka
2010-04-15 13:46 ` Ted Zlatanov
2010-04-15 17:04 ` Andreas Schwab
2010-04-15 22:54 ` Andreas Seltenreich
2010-04-16 1:25 ` Ted Zlatanov
2010-04-16 21:49 ` Andreas Schwab
2010-04-17 21:00 ` Ted Zlatanov
2010-04-17 8:24 ` Andreas Seltenreich
2010-04-17 10:01 ` Andreas Schwab
2010-04-17 16:52 ` Andreas Seltenreich
2010-04-17 10:29 ` Andreas Schwab
2010-04-17 21:02 ` Ted Zlatanov
2010-04-17 21:28 ` Ted Zlatanov
2010-04-17 22:00 ` Ted Zlatanov
2010-04-17 23:26 ` Tim Landscheidt
2010-04-18 9:51 ` Andreas Seltenreich
2010-04-18 11:53 ` Ted Zlatanov
2010-04-18 12:10 ` Leo
2010-04-18 15:26 ` Ted Zlatanov
2010-04-18 21:04 ` Gnus, git, www.gnus.org (was: Gnus Git repository info and comitters: need updated password) Reiner Steib
2010-04-19 17:49 ` Gnus, git, www.gnus.org Reiner Steib
2010-04-19 18:10 ` Ted Zlatanov
2010-04-19 19:21 ` Andreas Schwab
2010-04-19 20:12 ` Ted Zlatanov
2010-04-19 23:28 ` Tim Landscheidt
2010-04-20 3:41 ` Ted Zlatanov
2010-04-22 17:31 ` Sivaram Neelakantan
2010-04-22 19:48 ` Andreas Schwab
2010-04-22 23:49 ` Ted Zlatanov
2010-04-23 0:35 ` Harry Putnam
2010-04-23 1:28 ` Russ Allbery
2010-04-23 10:00 ` Bjørn Mork
2010-04-23 13:01 ` Ted Zlatanov
2010-04-23 13:08 ` Greg Troxel
2010-04-23 13:20 ` Ted Zlatanov
2010-04-23 9:18 ` Sivaram Neelakantan
2010-04-23 12:54 ` Andreas Schwab
2010-04-23 16:41 ` Sivaram Neelakantan
2010-04-18 13:06 ` Gnus Git repository info and comitters: need updated password Andreas Seltenreich
2010-04-18 15:20 ` Ted Zlatanov
2010-04-18 15:32 ` Ted Zlatanov
2010-04-18 16:35 ` Andreas Seltenreich
2010-04-18 23:37 ` Ted Zlatanov
2010-04-19 1:01 ` Ted Zlatanov
2010-04-19 6:12 ` James Cloos
2010-04-20 3:11 ` Ted Zlatanov
2010-04-23 9:54 ` Tim Landscheidt
2010-04-23 13:16 ` SSL certificate issues for git.gnus.org (was: Gnus Git repository info and comitters: need updated password) Ted Zlatanov
2011-02-25 21:58 ` SSL certificate issues for git.gnus.org Ted Zlatanov
2011-02-25 22:39 ` Adam Sjøgren
2011-02-25 22:54 ` Ted Zlatanov
2011-02-25 22:59 ` Adam Sjøgren
2011-02-26 7:51 ` Julien Danjou
2011-02-26 13:14 ` Adam Sjøgren
2011-02-26 14:59 ` Steinar Bang
2011-02-28 19:33 ` Ted Zlatanov [this message]
2011-02-28 21:01 ` Steinar Bang
2011-03-01 10:38 ` Ted Zlatanov
2011-03-01 10:53 ` Steinar Bang
2011-03-05 12:04 ` Lars Magne Ingebrigtsen
2011-03-05 20:00 ` Steinar Bang
2011-03-07 17:26 ` Ted Zlatanov
2011-03-10 9:44 ` Simon Josefsson
2011-03-10 11:55 ` Steinar Bang
2011-03-10 21:50 ` Simon Josefsson
2011-03-10 22:01 ` Ted Zlatanov
2011-03-11 5:57 ` Simon Josefsson
2011-03-13 22:24 ` Lars Magne Ingebrigtsen
2011-03-14 8:59 ` Simon Josefsson
2011-03-14 9:30 ` Matthias Andree
2011-03-15 15:45 ` Lars Magne Ingebrigtsen
2011-03-15 16:03 ` Ted Zlatanov
2011-03-16 10:59 ` Ted Zlatanov
2011-03-16 11:31 ` Greg Troxel
2011-03-16 13:21 ` Ted Zlatanov
2011-03-17 11:07 ` Ted Zlatanov
2011-03-10 15:52 ` Ted Zlatanov
2011-03-10 19:43 ` James Cloos
2011-03-21 19:54 ` Adam Sjøgren
2011-03-21 22:41 ` Ted Zlatanov
2011-03-21 22:45 ` Adam Sjøgren
2011-02-26 9:24 ` Steinar Bang
2010-04-18 8:47 ` Gnus Git repository info and comitters: need updated password Andreas Schwab
2010-04-16 6:14 ` Katsumi Yamaoka
2010-04-16 9:47 ` Ted Zlatanov
2010-04-16 8:19 ` Didier Verna
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8739n80x9j.fsf@lifelogs.com \
--to=tzz@lifelogs.com \
--cc=ding@gnus.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).