Dailydave mailing list archives
Re: Open Source CA
From: Kristian Erik Hermansen <kristian.hermansen () gmail com>
Date: Fri, 4 Dec 2015 09:37:56 -0800
It now means that the entire web can move to HTTPS by default and there are no excuses for not having an HTTPS certificate any longer. Eg. When you type www.whateversite.com into your browser, by default, an HTTPS connection can be made instead. Unencrypted HTTP can die now. The issue of backdoors in Certificate Authorities still exists though, because nation state laws permit gov to obtain CA private keys and perform intermediation. Therefore, we also need to ensure public key pinning and validation of per-site certificates in order to identify rogue site certificates being generated that were not issued by the site itself. Stay safe! :) On Dec 4, 2015 8:40 AM, "Charisse Castagnoli" <charisse () charissec com> wrote:
Because there are many smart people on this list, I ask how would you evaluate this just released tool: https://letsencrypt.org/ I'm too old to read source code and cert/key gen is specialized knowledge in any case. Comments? charisse _______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Open Source CA Charisse Castagnoli (Dec 04)
- Re: Open Source CA Kristian Erik Hermansen (Dec 06)
- Re: Open Source CA Moses Hernandez (Dec 09)
- Re: Open Source CA Kristian Erik Hermansen (Dec 09)
- Re: Open Source CA Moses Hernandez (Dec 09)
- Re: Open Source CA Kristian Erik Hermansen (Dec 06)