> On Oct 1, 2016, at 11:01 AM, li...@lazygranch.com wrote:
>
> On the latest "Security Now" podcast, Steve Gibson's makes noises about
> DNSSEC/DANE replacing certs, but not in detail.
I think that this thread, which was only tenuously connected to
Postfix in the first place, is no longer opera
se http2 without it.)
Original Message
From: Alice Wonder
Sent: Saturday, October 1, 2016 3:29 AM
To: postfix-users@postfix.org
Subject: Re: WoSign/StartCom CA in the news
On 09/30/2016 06:52 AM, John @ KLaM wrote:
> Yes, I understand DANE can be used for MTAs. My musing is could it
>
On 09/30/2016 06:52 AM, John @ KLaM wrote:
Yes, I understand DANE can be used for MTAs. My musing is could it
completely replace the existing CA mess, and I suppose the follow up is
how?
I do not see it as a replacement for the CA mess but rather as a form of
2-factor authentication.
There
Yes, I understand DANE can be used for MTAs. My musing is could it
completely replace the existing CA mess, and I suppose the follow up is how?
On September 30, 2016 09:12:30 wie...@porcupine.org (Wietse Venema) wrote:
John:
This may be way off topic, if I apologise.
Looking a the availabl
John:
> This may be way off topic, if I apologise.
>
> Looking a the available CAs many of them do not seem to pass the
> /s//niff test//./ WoSign/Startcom are not alone in being found to be
> either incompetent or dishonest. Which made me wonder if there might be
> an alternative to CA issued
On Fri, Sep 30, 2016 at 08:36:58AM -0400, John wrote:
> This may be way off topic, if I apologise.
Not really, not much anyway.
> Looking a the available CAs many of them do not seem to pass the
> /s//niff test//./ WoSign/Startcom are not alone in being found to
> be either incompetent or disho
This may be way off topic, if I apologise.
Looking a the available CAs many of them do not seem to pass the
/s//niff test//./ WoSign/Startcom are not alone in being found to be
either incompetent or dishonest. Which made me wonder if there might be
an alternative to CA issued certs. Is there a
s internal
control issues.
Original Message
From: Alice Wonder
Sent: Thursday, September 29, 2016 8:35 PM
To: postfix-users@postfix.org
Subject: Re: WoSign/StartCom CA in the news
On 09/28/2016 01:25 AM, li...@lazygranch.com wrote:
> I don't want take this thread off course, but s
On 09/28/2016 01:25 AM, li...@lazygranch.com wrote:
I don't want take this thread off course, but suggestions for low cost certs
would be appreciated. I don't like how Let's Encrypt works, else that would be
the obvious solution.
Domain registration isn't free. Server time isn't free. Someth
ember 28, 2016 8:11 AM
To: postfix-users@postfix.org
Subject: Re: WoSign/StartCom CA in the news
On 9/28/2016 10:53 AM, KSB wrote:
> On 2016.09.28. 17:47, Mike wrote:
>> On 9/28/2016 4:55 AM, li...@lazygranch.com wrote:
>>> CACert came up in my search. I will look into it. Suggesti
On 9/28/2016 10:53 AM, KSB wrote:
> On 2016.09.28. 17:47, Mike wrote:
>> On 9/28/2016 4:55 AM, li...@lazygranch.com wrote:
>>> CACert came up in my search. I will look into it. Suggestions always
>>> appreciated since I'm quite comfortable with people out there knowing more
>>> than me.
>>>
>>> I
On 2016.09.28. 17:47, Mike wrote:
On 9/28/2016 4:55 AM, li...@lazygranch.com wrote:
CACert came up in my search. I will look into it. Suggestions always
appreciated since I'm quite comfortable with people out there knowing more than
me.
I didn't like the Let's Encrypt 90 day deal with mysteri
On Wed, Sep 28, 2016 at 08:53:01AM +, Viktor Dukhovni wrote:
> On Wed, Sep 28, 2016 at 01:25:42AM -0700, li...@lazygranch.com
> wrote:
>
> > I don't want take this thread off course, but suggestions for low
> > cost certs would be appreciated. I don't like how Let's Encrypt
> > works, else
On 9/28/2016 4:55 AM, li...@lazygranch.com wrote:
> CACert came up in my search. I will look into it. Suggestions always
> appreciated since I'm quite comfortable with people out there knowing more
> than me.
>
> I didn't like the Let's Encrypt 90 day deal with mysterious upload to your
> serve
On 16-09-28 04:55 AM, li...@lazygranch.com wrote:
> I didn't like the Let's Encrypt 90 day deal with mysterious upload to your
> server.
While I do not like to grant root access to a third-party controlled
process on my server, there are good alternatives and the only things
that I upload to my s
My StartSSL-certs are valid until 4th of october. Luckily I switched to
Let's encrypt yesterday - with DANE, of course. ;-)
Regards,
Renne
Am 28.09.2016 um 00:29 schrieb Viktor Dukhovni:
> WoSign (who seemingly purchased StartCom) seem to have run into
> some compliance issues as reported by
u need to recruit customers for them.
>
> Same with the others. Of course they want to stay in business, even if
> it's dead already.
>
>>
>>
>> Original Message
>> From: Sven Schwedas
>> Sent: Wednesday, September 28, 2016 1:10 AM
>> To: pos
On 28.09.2016 12:03, KSB wrote:
> probably they will go down to 30 days as most admins learn to do
> automation.
I have read various LE posts regarding certificate lifetime, and while I
agree that LE apparently favours automation, I don't think the matter
has been decided yet. My personal (!) tak
On 28/09/16 09:51, Boris Behrens wrote:
>> Am 28.09.2016 um 10:25 schrieb li...@lazygranch.com:
>>
>> I don't want take this thread off course, but suggestions for low cost certs
>> would be appreciated. I don't like how Let's Encrypt works, else that would
>> be the obvious solution.
>>
>> Do
On 2016.09.28. 12:59, Ralph Seichter wrote:
As for the "90 day deal": LE is still in ramp-up phase, so I expect the
validity period to increase. Even with 90 days, it is worth using their
certificates. In a DANE context, all you need to take care of is not
automatically generating new keys with
On 28.09.2016 10:55, li...@lazygranch.com wrote:
> I didn't like the Let's Encrypt 90 day deal with mysterious upload to
> your server. It bugs me.
Let's Encrypt does not upload anything to your server. You download an
updated certificate, if and when you choose to. That process can be
invoked ma
On 28/09/16 09:25, li...@lazygranch.com wrote:
I don't want take this thread off course, but suggestions for low cost certs
would be appreciated. I don't like how Let's Encrypt works, else that would be
the obvious solution.
When Symantec first announced that they would compete with Let's Encr
On Wed, Sep 28, 2016 at 01:55:06AM -0700, li...@lazygranch.com wrote:
> I didn't like the Let's Encrypt 90 day deal with mysterious upload to your
> server. It bugs me.
You're mistaken about how LE works. There is no remote control of
your server, or any externally imposed update. They provide
nesday, September 28, 2016 1:34 AM
To: li...@lazygranch.com; postfix-users@postfix.org
Subject: Re: WoSign/StartCom CA in the news
On 2016-09-28 10:25, li...@lazygranch.com wrote:
> I don't want take this thread off course, but suggestions for low cost certs
> would be appreciated. I don
On Wed, Sep 28, 2016 at 01:25:42AM -0700, li...@lazygranch.com wrote:
> I don't want take this thread off course, but suggestions for low cost
> certs would be appreciated. I don't like how Let's Encrypt works, else
> that would be the obvious solution.
I am curious what you don't like about "Le
sage
> From: Sven Schwedas
> Sent: Wednesday, September 28, 2016 1:10 AM
> To: postfix-users@postfix.org
> Subject: Re: WoSign/StartCom CA in the news
>
> On 2016-09-28 00:31, Giovanni Harting wrote:
>> Correct me if I'm wrong, but that document you describe issues by
hat they would compete with Let's
>Encrypt, I signed up with them. But it looks like their free cert
>program is more like you need to recruit customers for them.
>
>
> Original Message
>From: Sven Schwedas
>Sent: Wednesday, September 28, 2016 1:10 AM
>To: postfix-u
them. But it looks like their free cert program is more like
> you need to recruit customers for them.
Same with the others. Of course they want to stay in business, even if
it's dead already.
>
>
> Original Message
> From: Sven Schwedas
> Sent: Wednesday, September 28, 20
to recruit customers for them.
Original Message
From: Sven Schwedas
Sent: Wednesday, September 28, 2016 1:10 AM
To: postfix-users@postfix.org
Subject: Re: WoSign/StartCom CA in the news
On 2016-09-28 00:31, Giovanni Harting wrote:
> Correct me if I'm wrong, but that document you d
On 2016-09-28 00:31, Giovanni Harting wrote:
> Correct me if I'm wrong, but that document you describe issues by
> Mozilla and others, doesn't it state that it would only affect new
> issues certs after a certain date?
Yes, but most StartSSL/WoSign certificates are only valid for a year or
less. S
> On Sep 27, 2016, at 6:31 PM, Giovanni Harting <5...@idlegandalf.com> wrote:
>
> Correct me if I'm wrong, but that document you describe issues by Mozilla and
> others, doesn't it state that it would only affect new issues certs after a
> certain date?
Yes, quote:
Taking into account all
Correct me if I'm wrong, but that document you describe issues by
Mozilla and others, doesn't it state that it would only affect new
issues certs after a certain date?
Am 09/28/16 um 00:29 schrieb Viktor Dukhovni:
WoSign (who seemingly purchased StartCom) seem to have run into
some compliance
WoSign (who seemingly purchased StartCom) seem to have run into
some compliance issues as reported by Firefox:
http://arstechnica.com/security/2016/09/firefox-ready-to-block-certificate-authority-that-threatened-web-security/
Many SMTP servers are using certs from StartCom. In my DANE
adopt
33 matches
Mail list logo
