Displaying 20 results from an estimated 10000 matches similar to: "https and self signed"
2016 Jun 21
0
https and self signed
On Mon, June 20, 2016 13:16, Gordon Messmer wrote:
> On 06/20/2016 07:47 AM, James B. Byrne wrote:
>> On Sat, June 18, 2016 18:39, Gordon Messmer wrote:
>>
>>> I'm not interested in turning this in to a discussion on
>>> epistemology.
>>> This is based on the experience (the evidence) of some of the
>>> world's foremost experts in the
2016 Jun 20
0
https and self signed
On 06/20/2016 07:47 AM, James B. Byrne wrote:
> On Sat, June 18, 2016 18:39, Gordon Messmer wrote:
>
>> I'm not interested in turning this in to a discussion on epistemology.
>> This is based on the experience (the evidence) of some of the world's
>> foremost experts in the field (Akamai, Cisco, EFF, Mozilla, etc).
> Really? Then why did you forward your reply a
2016 Jun 17
1
https and self signed
On Thu, June 16, 2016 14:23, Valeri Galtsev wrote:
>
> On Thu, June 16, 2016 1:09 pm, Gordon Messmer wrote:
>>
>> I doubt that most users check the dates on SSL certificates,
>> unless they are familiar enough with TLS to understand that
>> a shorter validity period is better for security.
>
> Oh, this is what he meant: Cert validity period. Though I agree
>
2016 Jun 17
0
https and self signed
On Fri, June 17, 2016 10:19 am, James B. Byrne wrote:
>
> On Thu, June 16, 2016 14:23, Valeri Galtsev wrote:
>>
>> On Thu, June 16, 2016 1:09 pm, Gordon Messmer wrote:
>>>
>>> I doubt that most users check the dates on SSL certificates,
>>> unless they are familiar enough with TLS to understand that
>>> a shorter validity period is better for
2016 Jun 17
0
https and self signed
On 17/06/16 15:46, James B. Byrne wrote:
>
> On Thu, June 16, 2016 13:53, Walter H. wrote:
>> On 15.06.2016 16:17, Warren Young wrote:
>>> but it also affects the other public CAs: you can???t get a
>>> publicly-trusted cert for a machine without a publicly-recognized
>>> and -visible domain name. For that, you still need to use
>>> self-signed
2016 Jun 17
4
https and self signed
On Thu, June 16, 2016 13:53, Walter H. wrote:
> On 15.06.2016 16:17, Warren Young wrote:
>> but it also affects the other public CAs: you can???t get a
>> publicly-trusted cert for a machine without a publicly-recognized
>> and -visible domain name. For that, you still need to use
>> self-signed certs or certs signed by a private CA.
>>
> A private CA is the
2016 Jun 18
2
https and self signed
On Fri, 2016-06-17 at 15:56 +0100, Michael H wrote:
> On 17/06/16 15:46, James B. Byrne wrote:
> >
> > We operate a private CA for our domain and have since 2005. We
> > maintain a public CRL strictly in accordance with our CPS and have our
> > own OID assigned. Our CPS and CRL together with our active, expired
> > and revoked certificate inventory is
2016 Jun 18
0
https and self signed
On Sat, June 18, 2016 7:52 am, Always Learning wrote:
>
> On Fri, 2016-06-17 at 15:56 +0100, Michael H wrote:
>
>> On 17/06/16 15:46, James B. Byrne wrote:
>
>> >
>> > We operate a private CA for our domain and have since 2005. We
>> > maintain a public CRL strictly in accordance with our CPS and have our
>> > own OID assigned. Our CPS and
2016 Jun 18
0
https and self signed
On Fri, June 17, 2016 11:06, Walter H. wrote:
> On 17.06.2016 16:46, James B. Byrne wrote:
>> On Thu, June 16, 2016 13:53, Walter H. wrote:
>>> On 15.06.2016 16:17, Warren Young wrote:
>>>> but it also affects the other public CAs: you can???t get a
>>>> publicly-trusted cert for a machine without a publicly-recognized
>>>> and -visible
2016 Jun 17
1
[Fwd: Re: https and self signed]
On Fri, June 17, 2016 12:31, Valeri Galtsev wrote:
>
> On Fri, June 17, 2016 10:19 am, James B. Byrne wrote:
>
>> Keys issued to individuals certainly should have short time limits
>> on them. In the same way that user accounts on systems should
>> always have a near term expiry date set. People are careless.
>> And their motivations are subject to change.
>
2016 Jun 18
2
https and self signed
On 06/18/2016 02:49 PM, James B. Byrne wrote:
> On Fri, June 17, 2016 21:40, Gordon Messmer wrote:
>> https://letsencrypt.org/2015/11/09/why-90-days.html
> With respect citing another person's or people's opinion in support of
> your own is not evidence in the sense I understand the word to mean.
I'm not interested in turning this in to a discussion on epistemology.
2016 Jun 18
1
[Fwd: Re: https and self signed]
On Fri, June 17, 2016 13:08, Valeri Galtsev wrote:
>
> We do not expire accounts until the person leaves the Department
> and grace period passes. Then we do lock account and after some
> time person's files are being deleted. This is the policy, and
> this is what we do. The only time when account expiration is being
> set is for undergraduate students who temporarily work
2016 Jun 18
0
https and self signed
On Sat, 2016-06-18 at 15:39 -0700, Gordon Messmer wrote:
> I'm not interested in turning this in to a discussion on epistemology.
> This is based on the experience (the evidence) of some of the world's
> foremost experts in the field (Akamai, Cisco, EFF, Mozilla, etc).
The same Mozilla Foundation that got USD 50 million from Google some
years ago and the same Mozilla
2016 Jun 19
1
https and self signed
On Sat, June 18, 2016 6:50 pm, Always Learning wrote:
>
> On Sat, 2016-06-18 at 15:39 -0700, Gordon Messmer wrote:
>
>> I'm not interested in turning this in to a discussion on epistemology.
>> This is based on the experience (the evidence) of some of the world's
>> foremost experts in the field (Akamai, Cisco, EFF, Mozilla, etc).
>
> The same Mozilla
2011 Jun 02
1
Capturing ftp reponses
I am writing a script to automatically connect via ftp from a
CentOS-5 host to one of our older (non-*nix OS) systems. The only
common protocol that the remote host supports is ftp. What I want
to do is to capture the initial response that comes back from that
host before the user credentials are passed and log this
information.
I cannot seem to hit upon the right set of redirects to make this
2020 Jun 30
0
samab-4.10 nsupdate
> Could be because you added the wrong line to your smb4.conf (why does
> freebsd call it smb4.conf ?),
Why does freebsd put these things in /usr/local/etc/? Some questions have
answers that are not worth the effort to know.
> try:
> nsupdate command = /usr/local/sbin/nsupdate -g
I did catch that error earlier. But it makes no difference. samba_dnsupdate
does not give any
2006 Sep 18
3
Gnome Desktop Screensaver Security Lock Override?
We deployed our first CentOS-4 based workstation this past spring to see
if we can conveniently replace all, or at least most, of our MS-Win based
user systems with Linux boxes instead. Generally this trial unit has
proved a success but there is one lingering problem that I cannot seem to
find a straight-forward answer to: Is there an administrator override to a
user's password protected
2015 May 15
2
https everywhere.
What are the plans for the CentOS repos with respect to authentication
and https everywhere? At the moment it is a trivial exercise to
perform a MTM attack during a yum update over http.
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited
2015 Jul 31
1
Fedora change that will probably affect RHEL
On Thu, July 30, 2015 12:54, Chris Murphy wrote:
> On Thu, Jul 30, 2015 at 9:54 AM, Valeri Galtsev
> <galtsev at kicp.uchicago.edu> wrote:
>
>>> Now I use Google. They offer MFA opt in. And now I'm more secure
>>> than I was with the myopic ISP.
>>
>> "More secure" only to the level one can trust google ;-)
>
> Yes I know, but I put
2016 Jun 18
1
https and self signed
On 06/17/2016 07:56 AM, James B. Byrne wrote:
> On Thu, June 16, 2016 14:09, Gordon Messmer wrote:
>> I doubt that most users check the dates on SSL certificates,
>> unless they are familiar enough with TLS to understand that
>> a shorter validity period is better for security.
> What evidence do you possess that supports this assertion and would
> you care to share it