* Doug Barton <do...@dougbarton.us> [140430 10:05, mID <5360ae82.6070...@dougbarton.us>]:
> On 04/30/2014 12:41 AM, Werner Koch wrote: > >Hi, > > > >I have changed the website setup so that any plain text access to > >www.gnupg.org is redirected to https://www.gnupg.org . Strict Transport > >Security (HSTS) has also been enabled. > > > >In case of problems with TLS you may use www dot tla-friendly dot > >gnupg.org to view the pages. > > > >Note that https is not enforced for lists.gnupg.org and the other > >services because over there we use CAcert certificates which do not work > >widely enough. > > All good news. :) > > >If there is an interest to have lists at https as well, > >I consider to purchase a certificate for it. > > I know it's been discussed on the list before, but I'm quite happy > with https://www.startssl.com/, and you certainly can't beat the > price. :) You might want to consider my blogpost about StartSSL [1]. Despite that, the SSLLabs test shows two small issues when testing gnupg.org [2], one of which is the too short time sent in the HSTS header. [1] http://blogs.fsfe.org/gollo/2014/04/13/what-the-heartbleed-bug-revealed-to-me/ [2] https://www.ssllabs.com/ssltest/analyze.html?d=gnupg.org Thanks, Martin
signature.asc
Description: Digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
