[Savannah-hackers-public] [gnu.org #265793] TLS certificates

[Joshua Ginsberg via RT]

> [beuc - Tue Jan 17 15:02:28 2006]:
> 
> > CAcert.org is not a recognized CA by any major browser, so at the end of
> > the day, it's no more secure than signing your own certificates.
> 
> Yes, the point is that they may be in the future.

They may very well be. At least from reading their lobbying efforts to
get included in Mozilla, they've certainly got some political
controversy surrounding them (are they really only run by one guy?). But
like I said, we don't particularly care -- it's not any more secure
unless they earn that trust.

> I can't. I'm offered the following choice:
>       address@hidden
>       address@hidden
>       address@hidden
>       address@hidden
>       address@hidden

Wow. That's the exact opposite of every CA I've worked with -- and it
makes very little sense.

> Maybe you can, as a quick work-around, have the MXes set to mx10&al
> for savannah.gnu.org (as Jim did for cvs.savannah.gnu.org).

It appears we will have to do this if you are to get this cert from Duane.

> If I'm not mistaken address@hidden should then receive
> address@hidden

Not exactly. We'd have to specify that behavior. But we're much more
inclined to simply have it go to savannah hackers.

> Do you think there is any issue with adding MXes to Savannah? We may
> need this in the future, for example when Savane implements a mail
> interface for the trackers.

Any mail that Savannah receives will have to come through the GNU mail
gateway. It would not go to Savannah directly.

> (2 actually: gnu.org & nongnu.org)
> 
> Do you mean buying additional certificates to entrust.net? Or
> something else?

Entrust, yes.

-jag

-- 
Joshua Ginsberg <address@hidden>
Free Software Foundation - Senior Systems Administrator