similar to: https and self signed

On Sat, June 18, 2016 18:39, Gordon Messmer wrote: > On 06/18/2016 02:49 PM, James B. Byrne wrote: >> On Fri, June 17, 2016 21:40, Gordon Messmer wrote: >>> https://letsencrypt.org/2015/11/09/why-90-days.html >> With respect citing another person's or people's opinion in support >> of >> your own is not evidence in the sense I understand the word to

On Sat, June 18, 2016 6:50 pm, Always Learning wrote: > > On Sat, 2016-06-18 at 15:39 -0700, Gordon Messmer wrote: > >> I'm not interested in turning this in to a discussion on epistemology. >> This is based on the experience (the evidence) of some of the world's >> foremost experts in the field (Akamai, Cisco, EFF, Mozilla, etc). > > The same Mozilla

On Sat, 2016-06-18 at 15:39 -0700, Gordon Messmer wrote: > I'm not interested in turning this in to a discussion on epistemology. > This is based on the experience (the evidence) of some of the world's > foremost experts in the field (Akamai, Cisco, EFF, Mozilla, etc). The same Mozilla Foundation that got USD 50 million from Google some years ago and the same Mozilla

On 06/20/2016 07:47 AM, James B. Byrne wrote: > On Sat, June 18, 2016 18:39, Gordon Messmer wrote: > >> I'm not interested in turning this in to a discussion on epistemology. >> This is based on the experience (the evidence) of some of the world's >> foremost experts in the field (Akamai, Cisco, EFF, Mozilla, etc). > Really? Then why did you forward your reply a

On Mon, June 20, 2016 13:16, Gordon Messmer wrote: > On 06/20/2016 07:47 AM, James B. Byrne wrote: >> On Sat, June 18, 2016 18:39, Gordon Messmer wrote: >> >>> I'm not interested in turning this in to a discussion on >>> epistemology. >>> This is based on the experience (the evidence) of some of the >>> world's foremost experts in the

Ok. It's a Firefox Add-on: https://www.eff.org/https-everywhere Questions: 1) But: Why can't i find it on the offical Firefox Add-ons site?: https://addons.mozilla.org/en-US/firefox/ 2) Did anyone audited the "HTTPS Everywhere" code? 3) Can someone trust this Add-on? Is it safe to install/use? 4) If it's so great why isn't it more prevalent? What's youre

I am currently using https for the --url and --repo options in a kickstart file. The yum repo files are also set to do the same. Both of them have a setting (noverifyssl and sslverify=no, respectively) and this works as expected to pass --insecure to curl. However, I cannot figure out how to also serve the kickstart file itself. ks=user:pass at url works as a url, but I get the "Problem with

Nowadays it's quite easy to get normal ssl certificates for free. E.g. http://www.startssl.com http://buy.wosign.com/free

On 6/15/2016 6:47 AM, Jerry Geis wrote: > How do I get past this? I was looking to just self sign for https. in my admittedly limited experience with this stuff, you need to create your own rootCA, and use that to sign your certificates, AND you need to take the public key of the rootCA and import it into any trust stores that will be used to verify said certificates. -- john r pierce,

On Jun 15, 2016, at 7:47 AM, Jerry Geis <geisj at pagestation.com> wrote: > > Yes I can added the --insecure for curl - but - my other app doesn't > seem to work either - perhaps getting the same return message instead of > the actual file. Because of all the security holes people have been finding in TLS, libraries implementing the client side of TLS are getting

On Jun 15, 2016, at 9:38 AM, Warren Young <wyml at etr-usa.com> wrote: > > On Jun 15, 2016, at 9:02 AM, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote: > >> I do not see neither starttls.com nor letsencrypt.org between Authorities >> certificates. > > That?s because they are not top-tier CAs. I forgot to mention that letsencrypt.com uses one of its

On Wed, 15 Jun 2016, John R Pierce wrote: > On 6/15/2016 6:47 AM, Jerry Geis wrote: >> How do I get past this? I was looking to just self sign for https. > > in my admittedly limited experience with this stuff, you need to create your > own rootCA, and use that to sign your certificates, AND you need to take the > public key of the rootCA and import it into any trust

On 15.06.2016 16:17, Warren Young wrote: > On Jun 15, 2016, at 7:57 AM, ????????? ????????<nevis2us at infoline.su> wrote: >> Nowadays it's quite easy to get normal ssl certificates for free. E.g. >> >> http://www.startssl.com >> http://buy.wosign.com/free > Today, I would prefer Let?s Encrypt: > > https://letsencrypt.org/ > > It is

On Thu, June 16, 2016 1:09 pm, Gordon Messmer wrote: > On 06/16/2016 10:53 AM, Walter H. wrote: >> lets encrypt only trusts for 3 months; would you really except in an >> onlineshop, someone trusts this shop? >> let us think something like this: "when the CA only trusts for 3 >> months, how should I trust for a longer period >> which is important for warranty

On 15.06.2016 15:57, ????????? ???????? wrote: > Nowadays it's quite easy to get normal ssl certificates for free. E.g. > > http://www.startssl.com > http://buy.wosign.com/free that is right, but hink of your potential clients, because wosign has a problem - slow OCSP, ... because their server infrastucture is located in China, and not the best bandwidth ... when validity checks

> that is right, but hink of your potential clients, because > wosign has a problem - slow OCSP, ... > because their server infrastucture is located in China, and not the > best bandwidth ... > > when validity checks of the used SSL certificate very probable fail, > it is worse than not using SSL ... I don't think OCSP is critical for free certificates suitable for small

On 16.06.2016 20:09, Gordon Messmer wrote: > On 06/16/2016 10:53 AM, Walter H. wrote: >> lets encrypt only trusts for 3 months; would you really except in an >> onlineshop, someone trusts this shop? >> let us think something like this: "when the CA only trusts for 3 >> months, how should I trust for a longer period >> which is important for warranty

On 06/16/2016 11:23 AM, Valeri Galtsev wrote: > as the one who has to handle quite a > few certificates, I only will go with certificates valid for a year, > ...do I miss something?). Yes. The tool that creates certificate/key pairs, submits the CSR, and installs the certificate is intended to be fully automated. In production, you should be running it as an automatic job. As

On 06/16/2016 11:50 AM, Walter H. wrote: > technically there is more: not the user needs to check the dates a SSL > certificate is valid; > > just compare it with real life: which salesman would you trust more - > the one that gets a new car every few years, which has the same > advertisings on it and maybe has the same color, or the other one that > gets nearly every

On 16.06.2016 21:42, ????????? ???????? wrote: >> that is right, but hink of your potential clients, because >> wosign has a problem - slow OCSP, ... >> because their server infrastucture is located in China, and not the >> best bandwidth ... >> >> when validity checks of the used SSL certificate very probable fail, >> it is worse than not using SSL ...