bristol@mailman.lug.org.uk
To subscribe or unsubscribe via the World Wide Web, visit
https://mailman.lug.org.uk/mailman/listinfo/bristol
or, via email, send a message with subject or body 'help' to
bristol-request@mailman.lug.org.uk
You can reach the person managing the list at
bristol-owner@mailman.lug.org.uk
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Bristol digest..."
Today's Topics:
1. Re: SSL Certs (Matt Dainty)
2. Open Source Good News???? (not precisely Linux, but;)
(Winnie Lacesso)
----------------------------------------------------------------------
Message: 1
Date: Wed, 20 Jul 2016 13:37:21 -0400
From: Matt Dainty <matt@bodgit-n-scarper.com>
To: Bristol and Bath Linux User Group <bristol@mailman.lug.org.uk>
Subject: Re: [bristol] SSL Certs
Message-ID: <20160720173721.GG13102@simulant.bodgit-n-scarper.com>
Content-Type: text/plain; charset=us-ascii
* David Smith via Bristol <bristol@mailman.lug.org.uk> [2016-07-20 11:28:11]:
> > From: Bristol [mailto:bristol-bounces@mailman.lug.org.uk] On Behalf Of Alex
> > Butcher via Bristol
> > Otherwise, you're basically looking at:
> > * Trustworthy status - can you be reasonably assured that their processes
> > and infrastructure are reliable and secure enough so as to not issue
> > fraudulent certs?
>
> Just as a point-of-interest, is this actually relevant? I don't think it
> actually increases the security of the system, since the security of the
> system is limited by the least-trustworthy CA that has its root certificates
> in the users' browsers, isn't it? Can't any CA issue a certificate for any
> website, even if another CA has already issued one?
There are additional steps you can take to prevent falling victim to that,
such as publishing DANE TLSA records, which basically means publishing a
fingerprint of the certificate in DNS. Of course, this requires the client
to look this information up, and should therefore also employ DNSSEC to
prevent tampering of DNS records.
See RFC 6698.
Matt
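Added example, not part of Matt's message: a sketch of the TLSA check from RFC 6698, deriving the record data for a certificate and comparing a presented certificate against it, and going slightly beyond the message by covering selector 1 (public key) as well as selector 0 (whole certificate). All function names are hypothetical, the "certificates" are constructed DER skeletons rather than real X.509, and the record is assumed to have been fetched with DNSSEC validation.

```python
import hashlib

HASHES = {1: hashlib.sha256, 2: hashlib.sha512}   # RFC 6698 matching types 1 and 2

def tlv(buf, pos):
    """Return (tag, value_start, element_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                              # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def spki_of(cert):
    """Return the SubjectPublicKeyInfo element of a DER certificate."""
    _, pos, _ = tlv(cert, 0)                       # Certificate SEQUENCE
    _, pos, end = tlv(cert, pos)                   # tbsCertificate SEQUENCE
    fields = []
    while pos < end:
        tag, _, nxt = tlv(cert, pos)
        fields.append((tag, pos, nxt))
        pos = nxt
    # SPKI is the 7th field when the optional [0] version is present, else the 6th.
    _, start, stop = fields[6 if fields[0][0] == 0xA0 else 5]
    return cert[start:stop]

def tlsa_rdata(cert, selector=1, mtype=1, usage=3):
    """Build the 'usage selector mtype data' text to publish for cert."""
    data = cert if selector == 0 else spki_of(cert)
    digest = HASHES[mtype](data).hexdigest() if mtype else data.hex()
    return f"{usage} {selector} {mtype} {digest}"

def tlsa_matches(rdata, cert):
    """Check a presented certificate against one TLSA record."""
    usage, selector, mtype, want = rdata.split()
    have = tlsa_rdata(cert, int(selector), int(mtype), int(usage)).split()[3]
    return have == want.lower()

# Constructed certificate-shaped DER skeletons for the demo (not valid X.509).
def der(tag, body):
    return bytes([tag, len(body)]) + body          # short-form lengths only

def fake_cert(key, issuer, serial):
    spki = der(0x30, der(0x30, b"") + der(0x03, b"\x00" + key))
    tbs = der(0x30, der(0xA0, der(2, b"\x02")) + der(2, bytes([serial]))
              + der(0x30, b"") + der(0x30, issuer) + der(0x30, b"")
              + der(0x30, b"") + spki)
    return der(0x30, tbs + der(0x30, b"") + der(3, b"\x00"))

SITE = fake_cert(b"K" * 32, b"CA-one", 1)          # certificate the site publishes
RENEWED = fake_cert(b"K" * 32, b"CA-one", 2)       # same key, reissued
ROGUE = fake_cert(b"X" * 32, b"CA-two", 1)         # issued elsewhere, different key
```

A "3 0 1" record stops matching as soon as the certificate is reissued, while "3 1 1" keeps matching for as long as the key is unchanged; neither matches a certificate for a different key, whichever CA issued it.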
------------------------------
Message: 2
Date: Thu, 21 Jul 2016 09:01:55 +0100 (BST)
From: Winnie Lacesso <Winnie.Lacesso@bristol.ac.uk>
To: bristol@mailman.lug.org.uk
Subject: [bristol] Open Source Good News???? (not precisely Linux,
but;)
Message-ID:
<alpine.LRH.2.02.1607210900140.17410@rescue.phy.bris.ac.uk>
Content-Type: TEXT/PLAIN; charset=US-ASCII
Good news?
"Bulgaria Got a Law Requiring Open Source"
http://catless.ncl.ac.uk/Risks/29.61.html#subj11
"... require all software written for the government to be open-source and
to be developed as such in a public repository."
"With opening the source we hope to reduce those [security] incidents, and
to detect bad information security practices in the development process,
rather than when it's too late."
------------------------------
End of Bristol Digest, Vol 653, Issue 6
***************************************