Re: HTTPS everywhere!

To: Russell Stuart <russell-debian@stuart.id.au>
Cc: debian-devel@lists.debian.org
Subject: Re: HTTPS everywhere!
From: Matthias Urlichs <matthias@urlichs.de>
Date: Tue, 24 Jun 2014 08:29:42 +0200
Message-id: <[🔎] 20140624062942.GA27052@smurf.noris.de>
In-reply-to: <[🔎] 1403569265.5653.52.camel@russell-laptop.pc.brisbane.lube>
References: <[🔎] 1403297908.4386.49.camel@heisenberg.scientia.net> <[🔎] 87simyjpgd.fsf@aexonyam.err.no> <[🔎] 1403366287.4582.23.camel@heisenberg.scientia.net> <[🔎] 1403398365.11501.115.camel@russell-laptop.pc.brisbane.lube> <[🔎] 1403400885.4582.40.camel@heisenberg.scientia.net> <[🔎] 1403410910.11501.140.camel@russell-laptop.pc.brisbane.lube> <[🔎] 1403444957.4692.47.camel@heisenberg.scientia.net> <[🔎] 1403477896.5610.20.camel@russell-laptop.pc.brisbane.lube> <[🔎] 1403537216.4831.22.camel@heisenberg.scientia.net> <[🔎] 1403569265.5653.52.camel@russell-laptop.pc.brisbane.lube>

Hi,

Russell Stuart:
> This looks like pinning under another name to me.  And quoting you
> above, in this very same email, you say pinning is too hard because you
> have to "hard code all the single Debian host certs in all programs that
> use TLS/SSL (or at least with Debian services)".  And yet now you say we
> have to do this anyway!
> 
The difference is that while pinning a bunch of certificates is indeed a
lot of on-going work, pinning the CA cert used to sign these is not (set up
the CA and install it into our software once, sign server certificates with
that forevermore).

-- 
-- Matthias Urlichs

Reply to:

Follow-Ups:
- Re: HTTPS everywhere!
  - From: Russell Stuart <russell-debian@stuart.id.au>

References:
- Re: HTTPS everywhere!
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: HTTPS everywhere!
  - From: Tollef Fog Heen <tfheen@err.no>
- Re: HTTPS everywhere!
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: HTTPS everywhere!
  - From: Russell Stuart <russell-debian@stuart.id.au>
- Re: HTTPS everywhere!
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: HTTPS everywhere!
  - From: Russell Stuart <russell-debian@stuart.id.au>
- Re: HTTPS everywhere!
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: HTTPS everywhere!
  - From: Russell Stuart <russell-debian@stuart.id.au>
- Re: HTTPS everywhere!
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: HTTPS everywhere!
  - From: Russell Stuart <russell-debian@stuart.id.au>

Prev by Date: Re: HTTPS everywhere!
Next by Date: Re: HTTPS everywhere!
Previous by thread: Re: HTTPS everywhere!
Next by thread: Re: HTTPS everywhere!
Index(es):
- Date
- Thread