Re: [gentoo-dev] Should Gentoo do https by default?

2015-03-31 Thread Alec Warner
On Mon, Mar 30, 2015 at 8:58 PM, Dean Stephens wrote: > On 03/27/15 15:29, Hanno Böck wrote: > > These days pretty much all big players use https only (google, > > facebook, twitter, github, ...). You can't really use the > > mainstream internet if your firewall blocks https. > > > Can we please

Re: [gentoo-dev] Should Gentoo do https by default?

2015-03-30 Thread Dean Stephens
On 03/27/15 15:29, Hanno Böck wrote: > These days pretty much all big players use https only (google, > facebook, twitter, github, ...). You can't really use the > mainstream internet if your firewall blocks https. > Can we please stop making stuff up[1] just to make an argument seem stronger to t

Re: [gentoo-dev] Should Gentoo do https by default?

2015-03-29 Thread James Le Cuirot
On Sun, 29 Mar 2015 19:23:51 +0200 Michał Górny wrote: > Xperia X10 Mini, with ancient Android 2.1. > > bugs.gentoo.org works, though it complains about hostname mismatch (I > guess it doesn't handle wildcard certs or sth). Not exactly, it can't handle servers with more than one SSL certificate

Re: [gentoo-dev] Should Gentoo do https by default?

2015-03-29 Thread Michał Górny
On 2015-03-29, at 18:50:17 Hanno Böck wrote: > On Sun, 29 Mar 2015 16:46:05 +0200 > Michał Górny wrote: > > > While I don't mind this entirely, we need to make sure to get things > > right. For example, I'm quite unhappy being unable to use Forums or > > sources.g.o from my phone be

Re: [gentoo-dev] Should Gentoo do https by default?

2015-03-29 Thread Hanno Böck
On Sun, 29 Mar 2015 16:46:05 +0200 Michał Górny wrote: > While I don't mind this entirely, we need to make sure to get things > right. For example, I'm quite unhappy being unable to use Forums or > sources.g.o from my phone because of some SSL issues… Can you be more specific on that? Of course

Re: [gentoo-dev] Should Gentoo do https by default?

2015-03-29 Thread Michał Górny
On 2015-03-27, at 15:33:15 Hanno Böck wrote: > I think defaulting the net to HTTPS is a big step for more security and > I think Gentoo should join the trend here. While I don't mind this entirely, we need to make sure to get things right. For example, I'm quite unhappy being unable

Re: [gentoo-dev] Should Gentoo do https by default?

2015-03-28 Thread Sebastian Pipping
On 27.03.2015 15:33, Hanno Böck wrote: > I think defaulting the net to HTTPS is a big step for more security and > I think Gentoo should join the trend here. Yes please! Sebastian

Re: [gentoo-dev] Should Gentoo do https by default?

2015-03-28 Thread Alexander Berntsen
+1 for everything. -- Alexander berna...@gentoo.org https://secure.plaimi.net/~alexander

Re: [gentoo-dev] Should Gentoo do https by default?

2015-03-28 Thread Vladimir Smirnov
Just my 5c: On Fri, 27 Mar 2015 19:18:24 + "Robin H. Johnson" wrote: > > > * Make sure all use modern HTTPS features, including: > > * OCSP Stapling > SSLUseStapling is Apache 2.3+ only, and that isn't stable yet. You can always set up Nginx, if not instead, but at least in front of the

Re: [gentoo-dev] Should Gentoo do https by default?

2015-03-27 Thread Dirkjan Ochtman
On Fri, Mar 27, 2015 at 8:29 PM, Hanno Böck wrote: >> SSLUseStapling is Apache 2.3+ only, and that isn't stable yet. > > That's unfortunate, apache 2.2 is pretty outdated when it > comes to tls security. Please help with the blockers for 2.4 stabilization! Cheers, Dirkjan

Re: [gentoo-dev] Should Gentoo do https by default?

2015-03-27 Thread Rich Freeman
On Fri, Mar 27, 2015 at 3:15 PM, Diego Elio Pettenò wrote: > On 27 March 2015 at 19:14, Rich Freeman wrote: >> >> StartSSL in fact refuses to revoke certificates even when people >> publish their private keys publicly. If you buy a previously-used >> domain you might want to make sure that there

Re: [gentoo-dev] Should Gentoo do https by default?

2015-03-27 Thread Robin H. Johnson
On Fri, Mar 27, 2015 at 04:44:16PM +0100, Marc Schiffbauer wrote: > >"Certificates are too expensive" > >Gentoo already has certs for all pages, so this is not an argument > >here, but if this ever becomes an issue there are a number of CAs these > >days that issue free certs. In summer the communi

Re: [gentoo-dev] Should Gentoo do https by default?

2015-03-27 Thread Hanno Böck
On Fri, 27 Mar 2015 15:14:02 -0400 Rich Freeman wrote: > As has been pointed out, this is a moot issue for Gentoo. However, > I'm not aware of anybody who both offers a free certificate and will > let you change your private key if it is compromised free of charge. I think wosign does. Haven't

Re: [gentoo-dev] Should Gentoo do https by default?

2015-03-27 Thread Hanno Böck
On Fri, 27 Mar 2015 19:18:24 + "Robin H. Johnson" wrote: > > * Some with logins are mixed http/login-via-https, which makes them > > vulnerable to ssl-stripping-attacks (e.g. wiki.gentoo.org) > Are you sure about this? Everything on wiki should always redirect to > SSL very early. Sure abo

Re: [gentoo-dev] Should Gentoo do https by default?

2015-03-27 Thread Robin H. Johnson
On Fri, Mar 27, 2015 at 03:33:15PM +0100, Hanno Böck wrote: > Right now a number of Gentoo webpages are by default served over http. > There is a growing trend to push more webpages to default to https, > mostly pushed by google. I think this is a good thing and I think > Gentoo should follow. Plea

Re: [gentoo-dev] Should Gentoo do https by default?

2015-03-27 Thread Diego Elio Pettenò
On 27 March 2015 at 19:14, Rich Freeman wrote: > > StartSSL in fact refuses to revoke certificates even when people > publish their private keys publicly. If you buy a previously-used > domain you might want to make sure that there isn't a StartSSL > certificate floating around for it which is st

Re: [gentoo-dev] Should Gentoo do https by default?

2015-03-27 Thread Rich Freeman
On Fri, Mar 27, 2015 at 11:44 AM, Marc Schiffbauer wrote: > * Hanno Böck wrote on 27.03.15 at 15:33: >> >> >> "Certificates are too expensive" >> Gentoo already has certs for all pages, so this is not an argument >> here, but if this ever becomes an issue there are a number of CAs these >> d

Re: [gentoo-dev] Should Gentoo do https by default?

2015-03-27 Thread Robin H. Johnson
On Fri, Mar 27, 2015 at 06:14:38PM +0100, Thomas D. wrote: > > Right now we seem to have a mix: > > * A number of webpages default to http and have optional https > > (www.gentoo.org) > > * Some with sensitive logins are already https by default (e.g. > > bugs.gentoo.org), but they don't use hs

Re: [gentoo-dev] Should Gentoo do https by default?

2015-03-27 Thread Thomas D.
Hi, Hanno Böck wrote: > Right now a number of Gentoo webpages are by default served over http. > There is a growing trend to push more webpages to default to https, > mostly pushed by google. I think this is a good thing and I think > Gentoo should follow. +1 > Right now we seem to have a mix:

Re: [gentoo-dev] Should Gentoo do https by default?

2015-03-27 Thread Dirkjan Ochtman
On Fri, Mar 27, 2015 at 3:33 PM, Hanno Böck wrote: > I'd propose the following: > * Make all pages under .gentoo.org https by default > * Make sure all use modern HTTPS features, including: > * OCSP Stapling > * HSTS > * A secure collection of cipher suites > * (one may add HPKP here, but it r

Re: [gentoo-dev] Should Gentoo do https by default?

2015-03-27 Thread Marc Schiffbauer
TL;DR: Yes! * Hanno Böck wrote on 27.03.15 at 15:33: Hi, Right now a number of Gentoo webpages are by default served over http. There is a growing trend to push more webpages to default to https, mostly pushed by google. I think this is a good thing and I think Gentoo should follow. Righ

[gentoo-dev] Should Gentoo do https by default?

2015-03-27 Thread Hanno Böck
Hi, Right now a number of Gentoo webpages are by default served over http. There is a growing trend to push more webpages to default to https, mostly pushed by google. I think this is a good thing and I think Gentoo should follow. Right now we seem to have a mix: * A number of webpages default to