From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/83143 Path: news.gmane.org!not-for-mail From: asjo@koldfront.dk (Adam =?iso-8859-1?Q?Sj=F8gren?=) Newsgroups: gmane.emacs.gnus.general Subject: Re: nntp server news.gmane.org tries to use gnutls Date: Wed, 08 May 2013 23:19:41 +0200 Organization: koldfront - analysis & revolution, Copenhagen, Denmark Message-ID: <87sj1xi2z6.fsf@topper.koldfront.dk> References: <87li7q22th.fsf@randomsample.de> <87ehdih3ta.fsf@dod.no> <87a9o6h3g7.fsf_-_@dod.no> <87y5bq319r.fsf@topper.koldfront.dk> <8761yugywn.fsf@dod.no> <87zjw5j1y7.fsf@topper.koldfront.dk> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Trace: ger.gmane.org 1368048115 11442 80.91.229.3 (8 May 2013 21:21:55 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Wed, 8 May 2013 21:21:55 +0000 (UTC) To: ding@gnus.org Original-X-From: ding-owner+M31409@lists.math.uh.edu Wed May 08 23:21:55 2013 Return-path: Envelope-to: ding-account@gmane.org Original-Received: from util0.math.uh.edu ([129.7.128.18]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1UaBo9-0006Pi-La for ding-account@gmane.org; Wed, 08 May 2013 23:21:53 +0200 Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu) by util0.math.uh.edu with smtp (Exim 4.63) (envelope-from ) id 1UaBmJ-0000EG-Se; Wed, 08 May 2013 16:19:59 -0500 Original-Received: from mx1.math.uh.edu ([129.7.128.32]) by util0.math.uh.edu with esmtps (TLSv1:AES256-SHA:256) (Exim 4.63) (envelope-from ) id 1UaBmH-0000Dp-E9 for ding@lists.math.uh.edu; Wed, 08 May 2013 16:19:57 -0500 Original-Received: from quimby.gnus.org ([80.91.231.51]) by mx1.math.uh.edu with esmtps (TLSv1:AES256-SHA:256) (Exim 4.76) (envelope-from ) id 1UaBmF-00055p-Cy for ding@lists.math.uh.edu; Wed, 08 May 2013 16:19:56 -0500 Original-Received: from plane.gmane.org ([80.91.229.3]) by quimby.gnus.org with esmtp (Exim 4.72) (envelope-from ) id 1UaBmD-0001fQ-Dp for ding@gnus.org; Wed, 08 May 2013 23:19:53 +0200 Original-Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from ) id 1UaBmD-0004Io-0I for ding@gnus.org; Wed, 08 May 2013 23:19:53 +0200 Original-Received: from 2505ds5-by.0.fullrate.dk ([89.150.142.116]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 08 May 2013 23:19:53 +0200 Original-Received: from asjo by 2505ds5-by.0.fullrate.dk with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 08 May 2013 23:19:53 +0200 X-Injected-Via-Gmane: http://gmane.org/ Original-Lines: 39 Original-X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: 2505ds5-by.0.fullrate.dk OpenPGP: id=21BDE416; url=http://asjo.koldfront.dk/gpg.asc Mail-Follow-Up-To: never X-Face: )qY&CseJ?.:=8F#^~GcSA?F=9eu'{KAFfL1C3/A&:nE?PW\i65"ba0NS)97,Q(^@xk}n4Ou rPuR#V8I(J_@~H($[ym:`K_+]*kjvW>xH5jbgLBVFGXY:(#4P>zVBklLbdL&XxL\M)%T}3S/IS9lMJ ^St'=VZBR Precedence: bulk Xref: news.gmane.org gmane.emacs.gnus.general:83143 Archived-At: Steinar Bang writes: > Yes, but that's what I was unsure about: is gunning for STARTTLS always > the most reasonable thing to do...? If it is available, I think encryption is, yes. > (certificate validation failed, but that did not stop Gnus from > continuing) At least the CIA sniffers won't know what you were reading, although you don't know for sure who was serving you articles. [...] > Possible solutions: > - Automate the server certificate updates (once every 3 months) > http://wiki.cacert.org/Software/CertApi Does this allow renewal? It is unclear to me, but so it a lot of this stuff. > - Someone (ie. Lars) should get a higher level of trust with cacert.org > and get longer-lived certs Sounds like work to me, and I don't even have to do it... > (I think I will try for the automated solution for my own certs) Let us know how it goes! Best regards, Adam -- "Hur långt man än har kommit Adam Sjøgren är det alltid längre kvar" asjo@koldfront.dk