similar to: https and self signed

On Fri, June 17, 2016 10:19 am, James B. Byrne wrote: > > On Thu, June 16, 2016 14:23, Valeri Galtsev wrote: >> >> On Thu, June 16, 2016 1:09 pm, Gordon Messmer wrote: >>> >>> I doubt that most users check the dates on SSL certificates, >>> unless they are familiar enough with TLS to understand that >>> a shorter validity period is better for

On 06/20/2016 07:47 AM, James B. Byrne wrote: > On Sat, June 18, 2016 18:39, Gordon Messmer wrote: > >> I'm not interested in turning this in to a discussion on epistemology. >> This is based on the experience (the evidence) of some of the world's >> foremost experts in the field (Akamai, Cisco, EFF, Mozilla, etc). > Really? Then why did you forward your reply a

On Sat, June 18, 2016 18:39, Gordon Messmer wrote: > On 06/18/2016 02:49 PM, James B. Byrne wrote: >> On Fri, June 17, 2016 21:40, Gordon Messmer wrote: >>> https://letsencrypt.org/2015/11/09/why-90-days.html >> With respect citing another person's or people's opinion in support >> of >> your own is not evidence in the sense I understand the word to

On Mon, June 20, 2016 13:16, Gordon Messmer wrote: > On 06/20/2016 07:47 AM, James B. Byrne wrote: >> On Sat, June 18, 2016 18:39, Gordon Messmer wrote: >> >>> I'm not interested in turning this in to a discussion on >>> epistemology. >>> This is based on the experience (the evidence) of some of the >>> world's foremost experts in the

On 08/10/2017 04:41 PM, Frank-Ulrich Sommer wrote: > I can't see any security advantages of a self signed cert. I then you fail to understand the history, like when Microsoft's certs were undermined because the third party authentication agency gave the keys to 2 guys that knocked on the door and asked for them... -- So many immigrant groups have swept through our town that

Hello, yesterday one of the extensions on my asterisk server got compromised by brute-force attack. The attacker used it to try pull an identity theft scam playing a recording from a bank "your account has been blocked due to unusual activity, please call this number..." Attacker managed to make lots of calls for around 8 hours before I detected it and changed the password for that

On 06/18/2016 02:49 PM, James B. Byrne wrote: > On Fri, June 17, 2016 21:40, Gordon Messmer wrote: >> https://letsencrypt.org/2015/11/09/why-90-days.html > With respect citing another person's or people's opinion in support of > your own is not evidence in the sense I understand the word to mean. I'm not interested in turning this in to a discussion on epistemology.

On Thu, June 16, 2016 1:09 pm, Gordon Messmer wrote: > On 06/16/2016 10:53 AM, Walter H. wrote: >> lets encrypt only trusts for 3 months; would you really except in an >> onlineshop, someone trusts this shop? >> let us think something like this: "when the CA only trusts for 3 >> months, how should I trust for a longer period >> which is important for warranty

On 06/16/2016 10:53 AM, Walter H. wrote: > lets encrypt only trusts for 3 months; would you really except in an > onlineshop, someone trusts this shop? > let us think something like this: "when the CA only trusts for 3 > months, how should I trust for a longer period > which is important for warranty ..." I doubt that most users check the dates on SSL certificates,

> On 10 August 2017, at 04:37, Alef Veld <alefveld at outlook.com> wrote: > > I completely agree (having said that I'm pretty new to all this so I might be full of it). > > You should run your own CA if you have an active financial interest in your company (say your the owner). No added benefit to have your certificate certified by a third party, why would they care

hi all I am using Ubuntu Dapper at the moment (after using windows for so long) dualbooting alongside windows So i have all my games and applications for windows... One of those games is Grand Theft Auto San Andreas. Using wine i'm trying to run gtasa from my windows partiton (yes it is NTFS filesystem) and it keeps telling me that it couldn't find the sound card. So can someone tell

I am currently using https for the --url and --repo options in a kickstart file. The yum repo files are also set to do the same. Both of them have a setting (noverifyssl and sslverify=no, respectively) and this works as expected to pass --insecure to curl. However, I cannot figure out how to also serve the kickstart file itself. ks=user:pass at url works as a url, but I get the "Problem with

Nowadays it's quite easy to get normal ssl certificates for free. E.g. http://www.startssl.com http://buy.wosign.com/free

On 6/15/2016 6:47 AM, Jerry Geis wrote: > How do I get past this? I was looking to just self sign for https. in my admittedly limited experience with this stuff, you need to create your own rootCA, and use that to sign your certificates, AND you need to take the public key of the rootCA and import it into any trust stores that will be used to verify said certificates. -- john r pierce,

On Jun 15, 2016, at 7:47 AM, Jerry Geis <geisj at pagestation.com> wrote: > > Yes I can added the --insecure for curl - but - my other app doesn't > seem to work either - perhaps getting the same return message instead of > the actual file. Because of all the security holes people have been finding in TLS, libraries implementing the client side of TLS are getting

On Jun 15, 2016, at 9:38 AM, Warren Young <wyml at etr-usa.com> wrote: > > On Jun 15, 2016, at 9:02 AM, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote: > >> I do not see neither starttls.com nor letsencrypt.org between Authorities >> certificates. > > That?s because they are not top-tier CAs. I forgot to mention that letsencrypt.com uses one of its

On Wed, 15 Jun 2016, John R Pierce wrote: > On 6/15/2016 6:47 AM, Jerry Geis wrote: >> How do I get past this? I was looking to just self sign for https. > > in my admittedly limited experience with this stuff, you need to create your > own rootCA, and use that to sign your certificates, AND you need to take the > public key of the rootCA and import it into any trust

On 15.06.2016 16:17, Warren Young wrote: > On Jun 15, 2016, at 7:57 AM, ????????? ????????<nevis2us at infoline.su> wrote: >> Nowadays it's quite easy to get normal ssl certificates for free. E.g. >> >> http://www.startssl.com >> http://buy.wosign.com/free > Today, I would prefer Let?s Encrypt: > > https://letsencrypt.org/ > > It is

On 15.06.2016 15:57, ????????? ???????? wrote: > Nowadays it's quite easy to get normal ssl certificates for free. E.g. > > http://www.startssl.com > http://buy.wosign.com/free that is right, but hink of your potential clients, because wosign has a problem - slow OCSP, ... because their server infrastucture is located in China, and not the best bandwidth ... when validity checks

> that is right, but hink of your potential clients, because > wosign has a problem - slow OCSP, ... > because their server infrastucture is located in China, and not the > best bandwidth ... > > when validity checks of the used SSL certificate very probable fail, > it is worse than not using SSL ... I don't think OCSP is critical for free certificates suitable for small