dnssec-trigger + GNOME + NetworkManager integration

Reindl Harald h.reindl at thelounge.net
Thu Jul 2 14:27:27 UTC 2015


On 02.07.2015 at 16:16, Reindl Harald wrote:
> On 02.07.2015 at 16:04, drago01 wrote:
>> On Thu, Jul 2, 2015 at 2:33 AM, Reindl Harald <h.reindl at thelounge.net>
>> wrote:
>>>
>>> On 02.07.2015 at 02:30, Michael Catanzaro wrote:
>>>>
>>>> On Wed, 2015-07-01 at 19:59 -0400, Paul Wouters wrote:
>>>>>
>>>>> Principles are good and well. But how many times did you actually USE
>>>>> that option you so reluctantly implemented? :)
>>>>
>>>>
>>>> Actually, I honestly don't remember ever using it except testing it
>>>> during development. I just don't visit broken sites. They are few and
>>>> far between nowadays
>>>
>>> that's nonsense
>>>
>>> a self signed certificate is exactly as secure as a CA certificate
>>> you pay
>>> for after there are hundreds and thousands by default trusted CA's in
>>> the
>>> browsers with the only difference you have to accept it once
>>
>> No it's not. Because everyone can issue them you can't really know
>> whether it is from who it claims to be from ... even in case you can
>> its in case an attacker gains access of it the issuer can't really
>> revoke it anymore.
>> Browsers do show those warnings for self signed certs for a reason and
>> that reason is *not* to sell certificates
>
> *lol* and with a CA certificate you can?
>
> given that there are thousands of CA's and you need *only one* with a
> broken verification process to get a certificate for whatever you want
> you can't and if you would read IT news you would know that
>
> the CA system is broken by design

and for "can't really revoke it anymore": please inform yourself and you 
know that you in reality can't revoke a cert because all the mechs are 
broken, not mandatory in the clients and if they would be mandatory the 
OCSP servers would be target number 1 for DOS attacks
