Re: Soliciting Applications and Nominations for the SPI Board
On Tue, Nov 19, 2002 at 09:06:47AM -0600, Steve Langasek wrote:
> On Mon, Nov 18, 2002 at 03:33:53PM -0500, Matt Zimmerman wrote:
> > On Mon, Nov 18, 2002 at 12:09:08PM -0700, Bdale Garbee wrote:
>
> > > The tasks include but are not limited to:
> > > [...]
>
> > Another good task might be to arrange for a verifiable certificate for the
> > https services at spi-inc.org? Currently, it seems to have an expired
> > certificate for a different hostname issued by an unrecognized CA (Wichert).
>
> By 'verifiable', do you mean using one of the universally-recognized web
> CAs, or would it be an option to create an SPI (or Debian) CA whose CA
> cert is shipped with Debian and usable by default?
By 'verifiable', I mean a certificate which can be verified, by whatever
means, to belong to SPI, modulo a reasonable doubt. Given the policies and
(lack of) secure certificate distribution by the commercial CAs, I've no
doubt we could do better, but I have some doubt that we have justification.
But this was more a snide remark than anything; it's not as if the SPI
website is processing financial transactions, but it does use SSL
for some forms.
--
- mdz
Reply to: