Re: About GPG-signing the public RSA keys of Debian machines

2006-10-11 Thread Florent Rougon
Kurt Roeckx <[EMAIL PROTECTED]> wrote: > The certificate for db.debian.org is still signed by the old key. Mmmm. >> > They're both part of the ca-certificates package in testing and >> > unstable: >> > new: /etc/ssl/certs/SPI_CA_2006-cacert.pem >> > old: /etc/ssl/certs/spi-ca.pem >> >> It appea

Re: About GPG-signing the public RSA keys of Debian machines

2006-10-11 Thread Kurt Roeckx
On Wed, Oct 11, 2006 at 09:22:49PM +0200, Florent Rougon wrote: > Hi, > > I appreciate your help (Joerg, David and Kurt), but there is still a > problem to solve before I can trust my connection to db.debian.org via > HTTPS. > > Kurt Roeckx <[EMAIL PROTECTED]> wrote: > > > So Joerg just replaced

Re: About GPG-signing the public RSA keys of Debian machines

2006-10-11 Thread Florent Rougon
Hi, I appreciate your help (Joerg, David and Kurt), but there is still a problem to solve before I can trust my connection to db.debian.org via HTTPS. Kurt Roeckx <[EMAIL PROTECTED]> wrote: > So Joerg just replaced them with the new ones: > http://www.spi-inc.org/secretary/spi-ca.crt > http://ww

Re: About GPG-signing the public RSA keys of Debian machines

2006-10-10 Thread Kurt Roeckx
On Tue, Oct 10, 2006 at 09:57:33PM +0200, Florent Rougon wrote: > > For those that don't know those files: > > http://www.spi-inc.org/secretary/spi-ca.crt > > http://www.spi-inc.org/secretary/spi-ca-fingerprint.txt So Joerg just replaced them with the new ones: http://www.spi-inc.org/secretary/spi

Re: About GPG-signing the public RSA keys of Debian machines

2006-10-10 Thread David Clymer
On Tue, 2006-10-10 at 22:24 +0200, Joerg Jaspert wrote: > On 10803 March 1977, Kurt Roeckx wrote: > > > I assume you've used https and that you verified the certificate? > > And saw that it was issued by SPI? And then you looked up SPI's > > certificate? And you found that there is a text file

Re: About GPG-signing the public RSA keys of Debian machines

2006-10-10 Thread David Clymer
On Tue, 2006-10-10 at 21:57 +0200, Florent Rougon wrote: > [ I think debian-admin have read enough about my request by now, so if > you reply about verifying certificates and such, please consider > dropping the CC. Thanks. ] > > Kurt Roeckx <[EMAIL PROTECTED]> wrote: > > > See: > > http://l

Re: About GPG-signing the public RSA keys of Debian machines

2006-10-10 Thread Joerg Jaspert
On 10803 March 1977, Florent Rougon wrote: > but unfortunately: > % md5sum /etc/ssl/certs/spi-ca.pem > 33922a1660820e44812e7ddc392878cb /etc/ssl/certs/spi-ca.pem > And reading /etc/ssl/certs/spi-ca.pem is not very enlightening: > It would be nice to have the whole procedure for verifying the

Re: About GPG-signing the public RSA keys of Debian machines

2006-10-10 Thread Joerg Jaspert
On 10803 March 1977, Kurt Roeckx wrote: > I assume you've used https and that you verified the certificate? > And saw that it was issued by SPI? And then you looked up SPI's > certificate? And you found that there is a text file with the SHA1 and > MD5 sum signed by Wichert Akkerman? > For those

Re: About GPG-signing the public RSA keys of Debian machines

2006-10-10 Thread Florent Rougon
[ I think debian-admin have read enough about my request by now, so if you reply about verifying certificates and such, please consider dropping the CC. Thanks. ] Kurt Roeckx <[EMAIL PROTECTED]> wrote: > See: > http://lists.debian.org/debian-project/2006/07/msg00056.html > Which has the key i

Re: About GPG-signing the public RSA keys of Debian machines

2006-10-10 Thread Kurt Roeckx
On Tue, Oct 10, 2006 at 06:37:16PM +0200, Florent Rougon wrote: > Hi, > > David Clymer <[EMAIL PROTECTED]> wrote: > > > With a signature, he just has to trust that signer f00's key has not > > been compromised, thus the published host key info is trustworthy and a > > MITM is not happening. > >

Re: About GPG-signing the public RSA keys of Debian machines

2006-10-10 Thread Kurt Roeckx
On Mon, Oct 09, 2006 at 08:19:33PM +0200, Florent Rougon wrote: > > 2. I have to trust the integrity of db.debian.org. > > I think it would be much better if someone from debian-admin would be so > kind to GPG-sign the public RSA keys of Debian hosts. This way, I'd only > have to trust that Jam

Re: About GPG-signing the public RSA keys of Debian machines

2006-10-10 Thread Florent Rougon
Hi, David Clymer <[EMAIL PROTECTED]> wrote: > With a signature, he just has to trust that signer f00's key has not > been compromised, thus the published host key info is trustworthy and a > MITM is not happening. To be honest, I believe the MITM attack problem could be mitigated by the certific

Re: About GPG-signing the public RSA keys of Debian machines

2006-10-10 Thread Florent Rougon
Hi, Joerg Jaspert <[EMAIL PROTECTED]> wrote: >> 1. There is also: >> * Entry created: /00/00 00:00:00 UTC >> * Entry modified: /00/00 00:00:00 UTC > > Those fields could be removed and not shown, that would "fix" this. It's > just that in the past we had those filled i

Re: About GPG-signing the public RSA keys of Debian machines

2006-10-10 Thread David Clymer
On Tue, 2006-10-10 at 02:12 +0200, Joerg Jaspert wrote: > On 10802 March 1977, Florent Rougon wrote: ... > > > 2. I have to trust the integrity of db.debian.org. > > Signing the keys you would have to trust whoever signed it. Same thing. > I don't see that as being the same thing at all. W

Re: About GPG-signing the public RSA keys of Debian machines

2006-10-09 Thread Joerg Jaspert
On 10802 March 1977, Florent Rougon wrote: > 1. There is also: > * Entry created: /00/00 00:00:00 UTC > * Entry modified: /00/00 00:00:00 UTC Those fields could be removed and not shown, that would "fix" this. It's just that in the past we had those filled in, now we d

About GPG-signing the public RSA keys of Debian machines

2006-10-09 Thread Florent Rougon
Hi, I wanted to login on gluck today and stumbled on that: @@@ @WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NA