Re: Using Commercial SSL/TLS Certificate for debian.org Site

To: Bagas Sanjaya <bagasdotme@gmail.com>
Cc: debian-www <debian-www@lists.debian.org>
Subject: Re: Using Commercial SSL/TLS Certificate for debian.org Site
From: Paul Wise <pabs@debian.org>
Date: Wed, 19 Jun 2019 13:38:56 +0800
Message-id: <[🔎] CAKTje6FtugoDO1sz-e_DNsnjo4o=2XEi2Kv3BxvJUCc8gq-uCg@mail.gmail.com>
In-reply-to: <[🔎] 0c4255ba-4077-e8ce-e17c-caff0f2235fc@gmail.com>
References: <[🔎] 0c4255ba-4077-e8ce-e17c-caff0f2235fc@gmail.com>

On Wed, Jun 19, 2019 at 12:51 PM Bagas Sanjaya wrote:

> Unlike LE, we (debian.org) have to create Certificate Signing Requests (CSR) which will be sent to those CA.

As a member of the Debian sysadmin team I can tell you that this is
never going to happen. Manually doing TLS is way too much work when
you have hundreds of subdomains and a terrible idea and we will never
go back to doing it.

> EV certificates can be useful for large organizations like Debian.

EV certificates are becoming less useful over time, they are probably
a waste of money now:

https://scotthelme.co.uk/are-ev-certificates-worth-the-paper-theyre-written-on/

> would commercial SSL/TLS make sense for debian.org website?

No.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Reply to:

Follow-Ups:
- Re: Using Commercial SSL/TLS Certificate for debian.org Site
  - From: Bagas Sanjaya <bagasdotme@gmail.com>

References:
- Using Commercial SSL/TLS Certificate for debian.org Site
  - From: Bagas Sanjaya <bagasdotme@gmail.com>

Prev by Date: Using Commercial SSL/TLS Certificate for debian.org Site
Next by Date: Quotation Inquiry #RFQ170619E - New Supplier
Previous by thread: Using Commercial SSL/TLS Certificate for debian.org Site
Next by thread: Re: Using Commercial SSL/TLS Certificate for debian.org Site
Index(es):
- Date
- Thread