[Freedombox-discuss] CAs and cipher suites for cautious servers like FreedomBox

[eugen@leitl.org (Eugen Leitl)]

On Thu, Sep 12, 2013 at 11:43:28AM +0100, Keith wrote:
> Anyone for setting up a Freedombox CA?
> This could be added to the freedombox as a trusted CA and usable for
> freedombox to freedombox TLS only.

A CA appears counterproductive. End users should use 
self-signed certs, or each Freedombox issue contain
their own CA.

The only source of centralism is the Debian package
depository. Notice that the way Debian signing
secrets are currently maintained is not secure, and 
would allow large scale attacks against the Freedombox 
network.

Due to the information recently released, his is no 
longer a remote possibility, but should be central 
to the threat model.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20130912/ad6f9019/attachment.sig>