Re: Using Commercial SSL/TLS Certificate for debian.org Site

To: debian-www <debian-www@lists.debian.org>
Cc: Bagas Sanjaya <bagasdotme@gmail.com>
Subject: Re: Using Commercial SSL/TLS Certificate for debian.org Site
From: Paul Wise <pabs@debian.org>
Date: Wed, 19 Jun 2019 14:25:51 +0800
Message-id: <[🔎] b5bb4f4dba760c9ba75ae9929f212ff5f57583d2.camel@debian.org>
In-reply-to: <[🔎] f63029f7-e0fb-27f3-6f12-6c61722f9085@gmail.com>
References: <[🔎] 0c4255ba-4077-e8ce-e17c-caff0f2235fc@gmail.com> <[🔎] CAKTje6FtugoDO1sz-e_DNsnjo4o=2XEi2Kv3BxvJUCc8gq-uCg@mail.gmail.com> <[🔎] f63029f7-e0fb-27f3-6f12-6c61722f9085@gmail.com>

On Wed, 2019-06-19 at 13:05 +0700, Bagas Sanjaya wrote:

> It can be prevented by using wildcard certificates

That is another terrible idea, if that one certificate is compromised
then the attacker can impersonate any subdomain for the entire validity
period. Moving towards individual certs and keys for each site with
short validity periods with automatic renewal is a much better option.

> Why did you say like that?

Since there are no good reasons to do what you suggest.

I won't be responding to this thread any longer.
I request that you stop responding to this thread too.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

References:
- Using Commercial SSL/TLS Certificate for debian.org Site
  - From: Bagas Sanjaya <bagasdotme@gmail.com>
- Re: Using Commercial SSL/TLS Certificate for debian.org Site
  - From: Paul Wise <pabs@debian.org>
- Re: Using Commercial SSL/TLS Certificate for debian.org Site
  - From: Bagas Sanjaya <bagasdotme@gmail.com>

Prev by Date: Re: Using Commercial SSL/TLS Certificate for debian.org Site
Next by Date: Re: Re: Using Cloudflare as CDN for debian.org website
Previous by thread: Re: Using Commercial SSL/TLS Certificate for debian.org Site
Next by thread: Quotation Inquiry #RFQ170619E - New Supplier
Index(es):
- Date
- Thread