Would a CA require a fast server, a lot of available bandwidth etc? Does Tor use a CA?
-----Original Message----- From: Freedombox-discuss [mailto:freedombox-discuss-bounces+cgw993=aol....@lists.alioth.debian.org] On Behalf Of Keith Sent: Thursday, September 12, 2013 3:43 AM To: Jonas Smedegaard Cc: freedombox-discuss@lists.alioth.debian.org Subject: Re: [Freedombox-discuss] CAs and cipher suites for cautious servers like FreedomBox Anyone for setting up a Freedombox CA? This could be added to the freedombox as a trusted CA and usable for freedombox to freedombox TLS only. On Thu, 2013-09-12 at 11:10 +0200, Jonas Smedegaard wrote: > Which TLS certificate authorities (CA) should we trust? > > Which cipher suites should we tolerate? > > Ideally the answers are "none" and "only strong ones". But what is > more relevant to discuss is *realistic* answers (we can then tighten > in later > revisions): > > Which CAs and cipher suites are sensible to use - for now? > > > I imagine there is no "one size fits all". That e.g. serving blog > pages should be more pragmatic about [legacy systems] than Plinth > admin pages or other [specific applications]. > > Would be nice if those knowledgeable about crypto could propose a > shortlist of purposes, and corresponding CAs and cipher suites. > > We could use such shortlists to verify Plinth code, Apache setup, > ca-certificates package configuration etc. > > Anyone knowledgeable about crypto that can help out? > > > - Jonas > > > [speficic applications]: The Guardian Project currently discuss choice > of cipher suites for OTR in their (smartphone) applications: > https://lists.mayfirst.org/pipermail/guardian-dev/2013-September/00250 > 4.html > > [legacy systems]: CAcert.org discusses BEAST vs. RCA4 impacting MacOS X: > https://lists.cacert.org/wws/arc/cacert/2013-09/msg00002.html > > _______________________________________________ > Freedombox-discuss mailing list > Freedombox-discuss@lists.alioth.debian.org > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-dis > cuss _______________________________________________ Freedombox-discuss mailing list Freedombox-discuss@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss _______________________________________________ Freedombox-discuss mailing list Freedombox-discuss@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss