Hi, I searched over the net but could not find anything related so here goes. I access my newsgroups using news.gwene.org. Offlate when I start gnus, I am getting a message that the fingerprint has changed and whether I want to still connect. It gives me an option whether I want to accept the certificate only for this session or permanently etc. Is this anything to worry about? Regards, Prateek
Prateek Sadhukhan <psadhukh@gmail.com> writes:
> Hi,
>
> I searched over the net but could not find anything related so here goes.
>
> I access my newsgroups using news.gwene.org. Offlate when I start gnus,
> I am getting a message that the fingerprint has changed and whether I want
> to still connect. It gives me an option whether I want to accept the
> certificate only for this session or permanently etc.
>
> Is this anything to worry about?
That means that the certificate that news.gwene.org has changed, as it
does every 3 months. If the message youʼre getting identifies the
certificate as belonging to gwene.org, then youʼre ok. If not, someone
might be trying to intercept traffic, or thereʼs a misconfigured https
proxy in the middle somewhere.
Robert
>>>>> "PS" == Prateek Sadhukhan <psadhukh@gmail.com> writes:
PS> I access my newsgroups using news.gwene.org. Offlate when I start gnus,
PS> I am getting a message that the fingerprint has changed and whether I want
PS> to still connect.
PS> Is this anything to worry about?
no.
they use lets encrypt for the tls certs, which update every two to three
months. most le clients also create new private keys for each new cert,
to improve security.
it is normal for gnus to make that request every couple of months or so.
-JimC
--
James Cloos <cloos@jhcloos.com> OpenPGP: 0x997A9F17ED7DAEA6
Thank you for your responses.
I have accepted it.
Regards,
Prateek
James Cloos <cloos@jhcloos.com> writes:
>>>>>> "PS" == Prateek Sadhukhan <psadhukh@gmail.com> writes:
>
> PS> I access my newsgroups using news.gwene.org. Offlate when I start gnus,
> PS> I am getting a message that the fingerprint has changed and whether I want
> PS> to still connect.
>
> PS> Is this anything to worry about?
>
> no.
>
> they use lets encrypt for the tls certs, which update every two to three
> months. most le clients also create new private keys for each new cert,
> to improve security.
>
> it is normal for gnus to make that request every couple of months or so.
>
> -JimC