dnssec-trigger + GNOME + NetworkManager integration

Reindl Harald h.reindl at thelounge.net
Thu Jul 2 14:16:24 UTC 2015



Am 02.07.2015 um 16:04 schrieb drago01:
> On Thu, Jul 2, 2015 at 2:33 AM, Reindl Harald <h.reindl at thelounge.net> wrote:
>>
>> Am 02.07.2015 um 02:30 schrieb Michael Catanzaro:
>>>
>>> On Wed, 2015-07-01 at 19:59 -0400, Paul Wouters wrote:
>>>>
>>>> Principles are good and well. But how many times did you actually USE
>>>> that option you so reluctantly implemented? :)
>>>
>>>
>>> Actually, I honestly don't remember ever using it except testing it
>>> during development. I just don't visit broken sites. They are few and
>>> far between nowadays
>>
>> that's nonsense
>>
>> a self signed certificate is exactly as secure as a CA certificate you pay
>> for after there are hundrets and thousands by default trusted CA's in the
>> browsers with the only difference you have to accept it once
>
> No its not. Because everyone can issue them you can't really know
> whether it is from who it claims to be from ... even in case you can
> its in case an attacker gains access of it the issuer can't really
> revoke it anymore.
> Browsers do show those warnings for self signed certs for a reason and
> that reason is *not* to sell certificates

*lol* and with a CA certificate you can?

given that there are thousands of CA's and you need *only one* with a 
broken verfication process to get a certificate for whatever you want 
you can't and if you would read IT news you would know that

the CA system is broken by design

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20150702/77450fb0/attachment.sig>


More information about the devel mailing list