Re: ca-certificates: no more cacert.org certificates?!?

To: debian-devel@lists.debian.org
Subject: Re: ca-certificates: no more cacert.org certificates?!?
From: Kevin Chadwick <ma1l1ists@yahoo.co.uk>
Date: Thu, 3 Apr 2014 20:38:30 +0100
Message-id: <[🔎] 991243.53700.bm@smtp120.mail.ir2.yahoo.com>
In-reply-to: <[🔎] 20140401213851.GF15123@a82-93-13-222.adsl.xs4all.nl>
References: <[🔎] 87lhvp1i2s.fsf@poker.hands.com> <[🔎] 20140401202211.GC15123@a82-93-13-222.adsl.xs4all.nl> <[🔎] 616880.64104.bm@smtp144.mail.ir2.yahoo.com> <[🔎] 20140401213851.GF15123@a82-93-13-222.adsl.xs4all.nl>

previously on this list Bas Wijnen contributed:

> On Tue, Apr 01, 2014 at 10:49:15PM +0100, Kevin Chadwick wrote:
> > >  I think at Debian we all agree that it would be a good
> > > thing if everything would be encrypted, so this is a very bad outcome.
> > 
> > I beg to differ I'm afraid. SSL should be used where it is required
> > otherwise you are opening the server upto DOS and as it is more
> > complex, bugs and exploits not to mention greater memory and cpu usage
> > in similar fashion to systemd.
> 
> That's a valid point.  I think all connections should be encrypted,
> unless the server admin knowingly disables the encryption.  Does that
> sound better?
> 
> What I would like to see, is that if someone new to making websites
> tries something, they will be using encrypted connections.  And if they
> start asking people to fill out personal data, they don't need to do
> anything extra to make sure it works right.
> 

Sorry but I still have to disagree as this shouldn't really but
certainly does still increase the chances of someone submitting data to
a site that doesn't care about the security of that data or have the
ability to look after it.

OTOH it would prevent wordpress logins being stolen so easily and ISPs
snooping, however I believe in solving specific problems not swapping
problems around, what do you know again like systemd due to it's multi
functional design or rather lack of it;-)

-- 
_______________________________________________________________________

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)

In Other Words - Don't design like polkit or systemd
_______________________________________________________________________

I have no idea why RTFM is used so aggressively on LINUX mailing lists
because whilst 'apropos' is traditionally the most powerful command on
Unix-like systems it's 'modern' replacement 'apropos' on Linux is a tool
to help psychopaths learn to control their anger.

(Kevin Chadwick)

_______________________________________________________________________

Reply to:

References:
- Re: ca-certificates: no more cacert.org certificates?!?
  - From: Philip Hands <phil@hands.com>
- Re: ca-certificates: no more cacert.org certificates?!?
  - From: Bas Wijnen <wijnen@debian.org>
- Re: ca-certificates: no more cacert.org certificates?!?
  - From: Kevin Chadwick <ma1l1ists@yahoo.co.uk>
- Re: ca-certificates: no more cacert.org certificates?!?
  - From: Bas Wijnen <wijnen@debian.org>

Prev by Date: Bug#743556: ITP: ruby-scrypt -- Ruby gem with native C extension for the scrypt password hashing algorithm
Next by Date: Re: default messaging/VoIP client for Debian 8/Jessie
Previous by thread: Re: ca-certificates: no more cacert.org certificates?!?
Next by thread: Re: ca-certificates: no more cacert.org certificates?!?
Index(es):
- Date
- Thread