On Thu, Sep 12, 2013 at 11:43:28AM +0100, Keith wrote: > Anyone for setting up a Freedombox CA? > This could be added to the freedombox as a trusted CA and usable for > freedombox to freedombox TLS only.
A CA appears counterproductive. End users should use self-signed certs, or each Freedombox issue contain their own CA. The only source of centralism is the Debian package depository. Notice that the way Debian signing secrets are currently maintained is not secure, and would allow large scale attacks against the Freedombox network. Due to the information recently released, his is no longer a remote possibility, but should be central to the threat model.
signature.asc
Description: Digital signature
_______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
