On Mon, Mar 30, 2015 at 8:58 PM, Dean Stephens desult...@gentoo.org wrote:
On 03/27/15 15:29, Hanno Böck wrote:
These days pretty much all big players use https only (google,
facebook, twitter, github, ...). You can't really use the
mainstream internet if your firewall blocks https.
Can
On 03/27/15 15:29, Hanno Böck wrote:
These days pretty much all big players use https only (google,
facebook, twitter, github, ...). You can't really use the
mainstream internet if your firewall blocks https.
Can we please stop making stuff up[1] just to make an argument seem
stronger to the
Dnia 2015-03-27, o godz. 15:33:15
Hanno Böck ha...@gentoo.org napisał(a):
I think defaulting the net to HTTPS is a big step for more security and
I think Gentoo should join the trend here.
While I don't mind this entirely, we need to make sure to get things
right. For example, I'm quite
Dnia 2015-03-29, o godz. 18:50:17
Hanno Böck ha...@gentoo.org napisał(a):
On Sun, 29 Mar 2015 16:46:05 +0200
Michał Górny mgo...@gentoo.org wrote:
While I don't mind this entirely, we need to make sure to get things
right. For example, I'm quite unhappy being unable to use Forums or
On Sun, 29 Mar 2015 19:23:51 +0200
Michał Górny mgo...@gentoo.org wrote:
Xperia X10 Mini, with ancient Android 2.1.
bugs.gentoo.org works, though it complains about hostname mismatch (I
guess it doesn't handle wildcard certs or sth).
Not exactly, it can't handle servers with more than one
On Sun, 29 Mar 2015 16:46:05 +0200
Michał Górny mgo...@gentoo.org wrote:
While I don't mind this entirely, we need to make sure to get things
right. For example, I'm quite unhappy being unable to use Forums or
sources.g.o from my phone because of some SSL issues…
Can you be more specific on
On 27.03.2015 15:33, Hanno Böck wrote:
I think defaulting the net to HTTPS is a big step for more security and
I think Gentoo should join the trend here.
Yes please!
Sebastian
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
+1 for everything.
- --
Alexander
berna...@gentoo.org
https://secure.plaimi.net/~alexander
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iF4EAREIAAYFAlUWwDgACgkQRtClrXBQc7XyRQEAh2fJrr9aW9kLLa+a4hmwOT80
Just my 5c:
On Fri, 27 Mar 2015 19:18:24 +
Robin H. Johnson robb...@gentoo.org wrote:
* Make sure all use modern HTTPS features, including:
* OCSP Stapling
SSLUseStapling is Apache 2.3+ only, and that isn't stable yet.
You can always set up Nginx, if not instead, but at least in
Hi,
Right now a number of Gentoo webpages are by default served over http.
There is a growing trend to push more webpages to default to https,
mostly pushed by google. I think this is a good thing and I think
Gentoo should follow.
Right now we seem to have a mix:
* A number of webpages default
Hi,
Hanno Böck wrote:
Right now a number of Gentoo webpages are by default served over http.
There is a growing trend to push more webpages to default to https,
mostly pushed by google. I think this is a good thing and I think
Gentoo should follow.
+1
Right now we seem to have a mix:
* A
TL;DR: Yes!
* Hanno Böck schrieb am 27.03.15 um 15:33 Uhr:
Hi,
Right now a number of Gentoo webpages are by default served over http.
There is a growing trend to push more webpages to default to https,
mostly pushed by google. I think this is a good thing and I think
Gentoo should follow.
On Fri, Mar 27, 2015 at 3:33 PM, Hanno Böck ha...@gentoo.org wrote:
I'd propose the following:
* Make all pages under .gentoo.org https by default
* Make sure all use modern HTTPS features, including:
* OCSP Stapling
* HSTS
* A secure collection of cipher suites
* (one may add HPKP
On Fri, 27 Mar 2015 15:14:02 -0400
Rich Freeman ri...@gentoo.org wrote:
As has been pointed out, this is a moot issue for Gentoo. However,
I'm not aware of anybody who both offers a free certificate and will
let you change your private key if it is compromised free of charge.
I think wosign
On Fri, Mar 27, 2015 at 03:33:15PM +0100, Hanno Böck wrote:
Right now a number of Gentoo webpages are by default served over http.
There is a growing trend to push more webpages to default to https,
mostly pushed by google. I think this is a good thing and I think
Gentoo should follow.
Please
On Fri, Mar 27, 2015 at 04:44:16PM +0100, Marc Schiffbauer wrote:
Certificates are too expensive
Gentoo already has certs for all pages, so this is not an argument
here, but if this ever becomes an issue there are a number of CAs these
days that issue free certs. In summer the community based
On Fri, Mar 27, 2015 at 8:29 PM, Hanno Böck ha...@gentoo.org wrote:
SSLUseStapling is Apache 2.3+ only, and that isn't stable yet.
That's unfortunate, apache 2.2 is pretty outdated when it
comes to tls security.
Please help with the blockers for 2.4 stabilization!
Cheers,
Dirkjan
On Fri, 27 Mar 2015 19:18:24 +
Robin H. Johnson robb...@gentoo.org wrote:
* Some with logins are mixed http/login-via-https, which makes them
vulnerable to ssl-stripping-attacks (e.g. wiki.gentoo.org)
Are you sure about this? Everything on wiki should always redirect to
SSL very
On Fri, Mar 27, 2015 at 11:44 AM, Marc Schiffbauer msch...@gentoo.org wrote:
* Hanno Böck schrieb am 27.03.15 um 15:33 Uhr:
Certificates are too expensive
Gentoo already has certs for all pages, so this is not an argument
here, but if this ever becomes an issue there are a number of CAs
On Fri, Mar 27, 2015 at 06:14:38PM +0100, Thomas D. wrote:
Right now we seem to have a mix:
* A number of webpages default to http and have optional https
(www.gentoo.org)
* Some with sensitive logins are already https by default (e.g.
bugs.gentoo.org), but they don't use hsts, which
On 27 March 2015 at 19:14, Rich Freeman ri...@gentoo.org wrote:
StartSSL in fact refuses to revoke certificates even when people
publish their private keys publicly. If you buy a previously-used
domain you might want to make sure that there isn't a StartSSL
certificate floating around for it
21 matches
Mail list logo