[lfs-dev] Security Certificate for linuxfromscratch.org

Tim Tassonis stuff at decentral.ch
Mon Aug 22 01:43:01 PDT 2016


On 08/22/16 10:29, Tim Tassonis wrote:
>
>
> On August 22, 2016 10:08:42 Paul Menzel <pmenzel at molgen.mpg.de> wrote:
>
>> Dear Bruce,
>>
>>
>> On 08/22/16 05:47, Bruce Dubbs wrote:
>>> Rical Jasan wrote:
>>>> Dudes and Dudettes,
>>>>
>>>> Why do you not have a certificate for your site?  Send me a CSR,
>>>> and I will get one for you.
>>>
>>> It is not needed.  Everything is public.
>>
>> It’s not only about encryption. It’s about authentication. Right now,
>> visitors have no way to determine if they are talking to the “real” LFS
>> server or some other server claiming to be the LFS server.
>
>
> What  I truly wonder: was it really you that wrotw this previous reply?
> I have no way to tell. Maybe we shuold start using S/MIME for email
> signing, whit everyone buying a SSS Client Certificate from a commercial
> vendor?
>
> We then also have to fully protect the server's private key, so nobody
> can steal it and run a fake LFS server with daulty recipees for glibc,
> gcc and binutils,,and trick everyone by clever dns cache poisinig
> attacks. We definitel have to implement secur DNSSEC first. As systemd's
> networkd provides that, we should soon all be ok.


Most importantly, I should stop sending mails full of typos by writing 
them on my mobile in bed...


>
>>
>> So I would welcome it too, if the Web site would be securely accessible
>> over HTTPS.
>>
>>
>> Best regards,
>>
>> Paul
>
>


-- 
decentral.ch - IT Stuff
Tim Tassonis
Dennlerstasse 36
8047 Zürich

stuff at decentral.ch
+41 79 229 36 17

