Re: git and https
On Fri, May 29, 2015 at 7:40 AM, Russ Allbery wrote:
> I'm fine with locking the doors. I'm not fine with paying protection
> money to a Mafia goon who claims they'll lock your windows, and sort of
> sometimes does. It's the extortion component that pisses me off about
> HTTPS.
LetsEncrypt will save us!
> If we can use a Debian-specific CA, we can do cert pinning, since we're
> then assuming we have some control over the client. I was assuming a
> general client where we'd have to play nice with the normal CA roots.
Then we would constantly get complaints from Ubuntu/etc
developers/users about why Debian uses invalid certs, as we did before
Debian moved to mafia certs. Unfortunately I don't think it is
possible to use both mafia CAs and non-mafia CAs without adding, say, a
lot of non-mafia subdomains, like non-mafia.www.debian.org.
--
bye,
pabs
https://wiki.debian.org/PaulWise