On 06/18/2016 02:49 PM, James B. Byrne wrote:> On Fri, June 17, 2016 21:40, Gordon Messmer wrote: >> https://letsencrypt.org/2015/11/09/why-90-days.html > With respect citing another person's or people's opinion in support of > your own is not evidence in the sense I understand the word to mean.I'm not interested in turning this in to a discussion on epistemology. This is based on the experience (the evidence) of some of the world's foremost experts in the field (Akamai, Cisco, EFF, Mozilla, etc).> The assertion expressed in the link given above that 90-day > certificate lives will serve to increase certificate renewal > automation is at best a pious hope.You are ignoring the fact that the tool used to acquire letsencrypt certificates automates the entire process. They're not merely hoping that users will automate the process, they're automating it on behalf of users. They've done everything but schedule it for their users.> One that is unlikely to be > realised in my opinion for the simple reason that automated and > therefore mostly unobserved security systems are a primary target for > tampering.For someone who wants "evidence" you make a lot of unsupported assertions. You do see the irony, don't you?> Likewise the authors' opinion that pki certificates are in > general just casually left laying around to be compromised displays a > certain level of what reasonably could be considered elitist contempt > for the average human's intelligence.Or, you know, a review of actual security problems in the real world.> Even as arguments I find these two positions are less than compelling. > And in no respect could either opinion be considered evidence.That's fine. I don't really need to convince you, personally, of anything. But for the security of the internet community in general, I'll continue to advocate for secure practices, including pervasive security (which means reducing barriers to the use of encryption at all points along the process of setup).
On Sat, 2016-06-18 at 15:39 -0700, Gordon Messmer wrote:> I'm not interested in turning this in to a discussion on epistemology. > This is based on the experience (the evidence) of some of the world's > foremost experts in the field (Akamai, Cisco, EFF, Mozilla, etc).The same Mozilla Foundation that got USD 50 million from Google some years ago and the same Mozilla Foundation that automatically sends URLs to Google (the world's biggest spying operation) - questionable safety credentials that security conscious administrators might not implicitly trust. I support a DNS record solution for certificate authenticity. -- Regards, Paul. England, EU. England's place is in the European Union.
On Sat, June 18, 2016 6:50 pm, Always Learning wrote:> > On Sat, 2016-06-18 at 15:39 -0700, Gordon Messmer wrote: > >> I'm not interested in turning this in to a discussion on epistemology. >> This is based on the experience (the evidence) of some of the world's >> foremost experts in the field (Akamai, Cisco, EFF, Mozilla, etc). > > The same Mozilla Foundation that got USD 50 million from Google some > years ago and the same Mozilla Foundation that automatically sends URLs > to Google (the world's biggest spying operation) - questionable safety > credentials that security conscious administrators might not implicitly > trust.Which browser do you use? I still am in a process of finding replacement for Firefox (the closest is midori, it doesn't fully fill the bill for me though). With this opinion about Mozilla Foundation you definitely are not using their Firefox and Thunderbird, right? I have one more constraint: I need to use it under FreeBSD (these are my laptop and workstation), so I probably have to be able to build it myself (as, if it is in FreeBSD ports/packages, I likely already tried it...). Thanks. Valeri> > I support a DNS record solution for certificate authenticity. > > > -- > Regards, > > Paul. > England, EU. England's place is in the European Union. > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++