similar to: https and self signed

On Sat, June 18, 2016 18:39, Gordon Messmer wrote: > On 06/18/2016 02:49 PM, James B. Byrne wrote: >> On Fri, June 17, 2016 21:40, Gordon Messmer wrote: >>> https://letsencrypt.org/2015/11/09/why-90-days.html >> With respect citing another person's or people's opinion in support >> of >> your own is not evidence in the sense I understand the word to

On 06/18/2016 02:49 PM, James B. Byrne wrote: > On Fri, June 17, 2016 21:40, Gordon Messmer wrote: >> https://letsencrypt.org/2015/11/09/why-90-days.html > With respect citing another person's or people's opinion in support of > your own is not evidence in the sense I understand the word to mean. I'm not interested in turning this in to a discussion on epistemology.

On Wed, Jun 15, 2016 at 10:02:57AM -0500, Valeri Galtsev wrote: > > On Wed, June 15, 2016 9:17 am, Warren Young wrote: > >> > >> Nowadays it's quite easy to get normal ssl certificates for free. E.g. > > > > Today, I would prefer Let???s Encrypt: > > > > https://letsencrypt.org/ > > > > It is philosophically aligned with the open

On 06/20/2016 07:47 AM, James B. Byrne wrote: > On Sat, June 18, 2016 18:39, Gordon Messmer wrote: > >> I'm not interested in turning this in to a discussion on epistemology. >> This is based on the experience (the evidence) of some of the world's >> foremost experts in the field (Akamai, Cisco, EFF, Mozilla, etc). > Really? Then why did you forward your reply a

On Mon, June 20, 2016 13:16, Gordon Messmer wrote: > On 06/20/2016 07:47 AM, James B. Byrne wrote: >> On Sat, June 18, 2016 18:39, Gordon Messmer wrote: >> >>> I'm not interested in turning this in to a discussion on >>> epistemology. >>> This is based on the experience (the evidence) of some of the >>> world's foremost experts in the

On Jun 15, 2016, at 9:02 AM, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote: > > I do see WoSign there (though I'd prefer to avoid my US located servers > have certificates signed by authority located in China, hence located sort > of behind "the great firewall of China" - call me superstitious). That?s a perfectly valid concern. The last I heard, modern

On Jun 15, 2016, at 7:57 AM, ????????? ???????? <nevis2us at infoline.su> wrote: > > Nowadays it's quite easy to get normal ssl certificates for free. E.g. > > http://www.startssl.com > http://buy.wosign.com/free Today, I would prefer Let?s Encrypt: https://letsencrypt.org/ It is philosophically aligned with the open source software world, rather than act as bait

On 06/16/2016 10:53 AM, Walter H. wrote: > lets encrypt only trusts for 3 months; would you really except in an > onlineshop, someone trusts this shop? > let us think something like this: "when the CA only trusts for 3 > months, how should I trust for a longer period > which is important for warranty ..." I doubt that most users check the dates on SSL certificates,

On 06/16/2016 11:50 AM, Walter H. wrote: > technically there is more: not the user needs to check the dates a SSL > certificate is valid; > > just compare it with real life: which salesman would you trust more - > the one that gets a new car every few years, which has the same > advertisings on it and maybe has the same color, or the other one that > gets nearly every

On Thu, June 16, 2016 14:23, Valeri Galtsev wrote: > > On Thu, June 16, 2016 1:09 pm, Gordon Messmer wrote: >> >> I doubt that most users check the dates on SSL certificates, >> unless they are familiar enough with TLS to understand that >> a shorter validity period is better for security. > > Oh, this is what he meant: Cert validity period. Though I agree >

On Fri, June 17, 2016 10:19 am, James B. Byrne wrote: > > On Thu, June 16, 2016 14:23, Valeri Galtsev wrote: >> >> On Thu, June 16, 2016 1:09 pm, Gordon Messmer wrote: >>> >>> I doubt that most users check the dates on SSL certificates, >>> unless they are familiar enough with TLS to understand that >>> a shorter validity period is better for

On Jun 15, 2016, at 9:38 AM, Warren Young <wyml at etr-usa.com> wrote: > > On Jun 15, 2016, at 9:02 AM, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote: > >> I do not see neither starttls.com nor letsencrypt.org between Authorities >> certificates. > > That?s because they are not top-tier CAs. I forgot to mention that letsencrypt.com uses one of its

On Wed, June 15, 2016 9:17 am, Warren Young wrote: > On Jun 15, 2016, at 7:57 AM, ?????????????????? ???????????????? > <nevis2us at infoline.su> wrote: >> >> Nowadays it's quite easy to get normal ssl certificates for free. E.g. >> >> http://www.startssl.com >> http://buy.wosign.com/free > > Today, I would prefer Let???s Encrypt: > >

On Wed, June 15, 2016 10:48 am, Warren Young wrote: > On Jun 15, 2016, at 9:38 AM, Warren Young <wyml at etr-usa.com> wrote: >> >> On Jun 15, 2016, at 9:02 AM, Valeri Galtsev <galtsev at kicp.uchicago.edu> >> wrote: >> >>> I do not see neither starttls.com nor letsencrypt.org between >>> Authorities >>> certificates. >>

On 8/11/2017 11:44 AM, Florian Beer wrote: > On 2017-08-11 11:36, Michael Felt wrote: >> I have looked at let's encrypt. Key issue for me is having to add a >> lot python stuff that would otherwise not be on any server. > > > I use acme.sh for all of my LetsEncrypt certs (web & mail), it is > written in pure shell script, so no python dependencies. >

On 15.06.2016 16:17, Warren Young wrote: > On Jun 15, 2016, at 7:57 AM, ????????? ????????<nevis2us at infoline.su> wrote: >> Nowadays it's quite easy to get normal ssl certificates for free. E.g. >> >> http://www.startssl.com >> http://buy.wosign.com/free > Today, I would prefer Let?s Encrypt: > > https://letsencrypt.org/ > > It is

Michael Felt <michael at felt.demon.nl> writes: >> I use acme.sh for all of my LetsEncrypt certs (web & mail), it is >> written in pure shell script, so no python dependencies. >> https://github.com/Neilpang/acme.sh > > Thanks - I might look at that, but as Ralph mentions in his reply - > Let's encrypt certs are only for three months - never ending circus.

On Thu, June 16, 2016 1:09 pm, Gordon Messmer wrote: > On 06/16/2016 10:53 AM, Walter H. wrote: >> lets encrypt only trusts for 3 months; would you really except in an >> onlineshop, someone trusts this shop? >> let us think something like this: "when the CA only trusts for 3 >> months, how should I trust for a longer period >> which is important for warranty

On 06/16/2016 11:23 AM, Valeri Galtsev wrote: > as the one who has to handle quite a > few certificates, I only will go with certificates valid for a year, > ...do I miss something?). Yes. The tool that creates certificate/key pairs, submits the CSR, and installs the certificate is intended to be fully automated. In production, you should be running it as an automatic job. As

On 16.06.2016 20:09, Gordon Messmer wrote: > On 06/16/2016 10:53 AM, Walter H. wrote: >> lets encrypt only trusts for 3 months; would you really except in an >> onlineshop, someone trusts this shop? >> let us think something like this: "when the CA only trusts for 3 >> months, how should I trust for a longer period >> which is important for warranty