[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: HTTPS everywhere!

On Sun, 2014-06-22 at 15:49 +0200, Christoph Anton Mitterer wrote:
> On Sun, 2014-06-22 at 14:21 +1000, Russell Stuart wrote: 
> > Sure, but you are no longer discussing a PKI system here.  If you are
> > going to abandon X.509 PKI
> Well first of all,... PKI is just "public key infrastructure" and not
> necessarily means X.509.

Correct.  That's why I referred to it as X.509 PKI and not just X.509.

> Well first, AFAIK, there are no mirrors for the BTS... and then
> securing something like BTS with OpenPGP is quite difficult.

There is a straight forward solution to handling BTS messages.  You just
DKIM sign them with an appropriate key when they are received.

> Given that these services are used more and more for development, I
> think it's more and more important to secure them as far as possible.

90% of what you want could be achieved with a working version of
Certificate Patrol.  Ship it as a standard part of iceweasel, pre
configured with a few certs and enabled by default.

That nice thing about getting Certificate Patrol working is it helps
everyone - not just Debian.

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: