Re: [Gossip] The Mail Archive transitioning away from a small business

2019-01-29 Thread Yang Yu 
On Sun, Jan 27, 2019 at 7:22 PM Jeff Breidenbach  wrote:
>
> So far, so good with this transition. Happy 2019 to everyone.

Thanks for keeping this awesome service running. Happy New Year!


Yang

___
Gossip mailing list
https://www.mail-archive.com/gossip@mail-archive.com
https://www.mail-archive.com/cgi-bin/mailman/options/gossip

Re: [Gossip] Replacing StartCom certificate

2016-10-20 Thread Yang Yu 
Hi Jeff,

According to the bug, the current action affects new certificates
(including EV) only.
https://bugzilla.mozilla.org/show_bug.cgi?id=1311832

imo StartCom/WoSign won't be able to issue legitimate certificates for
a while, but they can backdate just like they did before.

On Thu, Oct 20, 2016 at 9:23 PM, Jeff Breidenbach  wrote:
> Thanks for the heads up. Highly appreciated. I'm impressed that you know the
> certificate
> vendor for The Mail Archive. I was not aware of the drama going on with
> StartCom.
> Is it correct that the removal only applies to new certificates, and
> therefore the
> deadline for action is May 3, 2017 when the current certificate expires? Or
> is it more
> urgent than that? Also, does the trust store removal include extended
> validation
> certificates? This quite a bummer, as it took a whole lot of paperwork to
> get that EV
> certificate which presumably will have to be redone with a new vendor.
>
>
>

___
Gossip mailing list
https://www.mail-archive.com/gossip@mail-archive.com
https://www.mail-archive.com/cgi-bin/mailman/options/gossip

[Gossip] Replacing StartCom certificate

2016-10-18 Thread Yang Yu 
Any plan to replace the StartCom certificate? StartCom is getting
removed from Mozilla and Apple trust store. Let's encrypt may be a
good alternative. Thanks.


Yang

___
Gossip mailing list
https://www.mail-archive.com/gossip@mail-archive.com
https://www.mail-archive.com/cgi-bin/mailman/options/gossip

[Gossip] Outage?

2016-05-31 Thread Yang Yu 
Hello,

Is there any maintenance going on in the past week or so? I noticed
the website went down a few times. archiving latency is getting quite
high.



Yang

___
Gossip mailing list
https://www.mail-archive.com/gossip@mail-archive.com
https://www.mail-archive.com/cgi-bin/mailman/options/gossip

[Gossip] certificate chain is incomplete

2016-01-09 Thread Yang Yu 
I started getting SSL certificate errors lately on android for
https://www.mail-archive.com.

https://globalsign.ssllabs.com/analyze.html?d=mail-archive.com

Some other issues were reported as well in the SSL report.

$ openssl s_client -connect www.mail-archive.com:443
CONNECTED(0003)
depth=0 jurisdictionC = US, jurisdictionST = California,
businessCategory = Private Organization, serialNumber = C2578355, C =
US, ST = California, L = Saratoga, postalCode = 95070, street = 16200
Sanborn Road, O = "Mail-Archive, Inc.", emailAddress =
postmas...@mail-archive.com, CN = www.mail-archive.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 jurisdictionC = US, jurisdictionST = California,
businessCategory = Private Organization, serialNumber = C2578355, C =
US, ST = California, L = Saratoga, postalCode = 95070, street = 16200
Sanborn Road, O = "Mail-Archive, Inc.", emailAddress =
postmas...@mail-archive.com, CN = www.mail-archive.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/jurisdictionC=US/jurisdictionST=California/businessCategory=Private
Organization/serialNumber=C2578355/C=US/ST=California/L=Saratoga/postalCode=95070/street=16200
Sanborn Road/O=Mail-Archive,
Inc./emailAddress=postmas...@mail-archive.com/CN=www.mail-archive.com
   i:/C=IL/O=StartCom Ltd./OU=StartCom Certification
Authority/CN=StartCom Extended Validation Server CA
 1 s:/C=IL/O=StartCom Ltd./OU=StartCom Certification
Authority/CN=StartCom Class 4 EV Server CA
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate
Signing/CN=StartCom Certification Authority
---
Server certificate
-BEGIN CERTIFICATE-
MIIJPjagAwIBAgIQTX9wjS+41Rdn5B0IXFV8cjANBgkqhkiG9w0BAQsFADCB
gTELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKTAnBgNVBAsT
IFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS8wLQYDVQQDEyZTdGFy
dENvbSBFeHRlbmRlZCBWYWxpZGF0aW9uIFNlcnZlciBDQTAeFw0xNjAxMDMwODU2
NDBaFw0xNzA1MDMwODU2NDBaMIIBLjETMBEGCysGAQQBgjc8AgEDDAJVUzEbMBkG
CysGAQQBgjc8AgECDApDYWxpZm9ybmlhMR0wGwYDVQQPDBRQcml2YXRlIE9yZ2Fu
aXphdGlvbjERMA8GA1UEBRMIQzI1NzgzNTUxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
DApDYWxpZm9ybmlhMREwDwYDVQQHDAhTYXJhdG9nYTEOMAwGA1UEEQwFOTUwNzAx
GzAZBgNVBAkMEjE2MjAwIFNhbmJvcm4gUm9hZDEbMBkGA1UECgwSTWFpbC1BcmNo
aXZlLCBJbmMuMSowKAYJKoZIhvcNAQkBFhtwb3N0bWFzdGVyQG1haWwtYXJjaGl2
ZS5jb20xHTAbBgNVBAMMFHd3dy5tYWlsLWFyY2hpdmUuY29tMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz9UjxZTwoywpM7YkDKmaxOxBjgTGaSW8jWvq
lTRMy0/JqYhlyOapQC2Y33oOfm4bctRi2CEs0a7VgeMbPxd7+AXLy7I88ExRTfVp
HTcdZfTootxgnYkqbl7iEa00izktAmDi8+fqhmo+gc7cwocGbr7t53oXlVzHhx/q
O4CQaRSzfKD2/RfeVvIya6sweK/nxdtXfcof83+maSRAy+6rHSZVCPm7nuehgXrE
/awSxEkH9zBzrjqyKNWY7urY4Omru6gCwES4fAb4pqkemSH95zKsyqk7I+RMs62q
g3PMPXhegMGj7wlEweMCaB5l79QOwV1y1Eic6cki8FQ3uQs3PQIDAQABo4IFADCC
BPwwCwYDVR0PBAQDAgOoMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAJ
BgNVHRMEAjAAMB0GA1UdDgQWBBTpW/8bgTDIwHBUZjJ65ePLjSOhszAfBgNVHSME
GDAWgBSh4Z5FJXlNBtkCF5KC1TCJciUUoDCBjgYIKwYBBQUHAQEEgYEwfzA5Bggr
BgEFBQcwAYYtaHR0cDovL29jc3Auc3RhcnRzc2wuY29tL3N1Yi9jbGFzczQvc2Vy
dmVyL2NhMEIGCCsGAQUFBzAChjZodHRwOi8vYWlhLnN0YXJ0c3NsLmNvbS9jZXJ0
cy9zdWIuY2xhc3M0LnNlcnZlci5jYS5jcnQwNQYDVR0fBC4wLDAqoCigJoYkaHR0
cDovL2NybC5zdGFydHNzbC5jb20vY3J0NC1jcmwuY3JsMHYGA1UdEQRvMG2CFHd3
dy5tYWlsLWFyY2hpdmUuY29tghBtYWlsLWFyY2hpdmUuY29tghNnby5tYWlsLWFy
Y2hpdmUuY29tghhtYWlsbWFuLm1haWwtYXJjaGl2ZS5jb22CFG1pZC5tYWlsLWFy
Y2hpdmUuY29tMCMGA1UdEgQcMBqGGGh0dHA6Ly93d3cuc3RhcnRzc2wuY29tLzCC
AZsGA1UdIASCAZIwggGOMAsGCSsGAQQBgbU3AjANBgsrBgEEAYG1NwEBATCCAW4G
CysGAQQBgbU3AQIDMIIBXTAuBggrBgEFBQcCARYiaHR0cDovL3d3dy5zdGFydHNz
bC5jb20vcG9saWN5LnBkZjAwBggrBgEFBQcCARYkaHR0cDovL3d3dy5zdGFydHNz
bC5jb20vZXh0ZW5kZWQucGRmMIH4BggrBgEFBQcCAjCB6zAnFiBTdGFydENvbSBD
ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTADAgEBGoG/VGhpcyBjZXJ0aWZpY2F0ZSB3
YXMgaXNzdWVkIGFjY29yZGluZyB0byB0aGUgRXh0ZW5kZWQgVmFsaWRhdGlvbiBy
ZXF1aXJlbWVudHMgb2YgdGhlIFN0YXJ0Q29tIENBIHBvbGljeSwgcmVsaWFuY2Ug
b25seSBmb3IgdGhlIGludGVuZGVkIHB1cnBvc2UgaW4gY29tcGxpYW5jZSBvZiB0
aGUgcmVseWluZyBwYXJ0eSBvYmxpZ2F0aW9ucy4wggF9BgorBgEEAdZ5AgQCBIIB
bQSCAWkBZwB2AM21F5t/wcBG/uoxE2o/jwAuYYL6+Ilv7Miy9bWrYEkBUgbc
a6EAAAQDAEcwRQIgAuP+zfMpzgYKfQ/D2K8h+Fy4l07RS+E9dbex4jDbg/gCIQC9
u4yYCr1FPOXe9NR0zG806GlqxPiLOh2fC14oblnHjQB2AGj2mPgfZIK+OozuuSgd
TPxxUV1nk9RE0QpnrLtPT/vEAAABUgbcbPMAAAQDAEcwRQIgYd5Q9x+4Eyty3+8Z
fOhArFwU06D61aqjgnXkk0A68y8CIQDfd+bTpsy2fn1hqJmvIQtid6pCIkO57dwL
VVSRGdNpiQB1AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABUgbc
b0EAAAQDAEYwRAIgFfRlh5jutKv7RyVvmRhrpQgqNAY0wk3TO/EFQqYtWCcCIBDp
dSmcVbZhsdaFVVLBFlHib3n17x3nHLY/+90nhCD8MA0GCSqGSIb3DQEBCwUAA4IB
AQCzc/vXVY69pYoXvR5mvEO83lFEM4+1QqJxQ5kB/lmb1F1BvhFBdbVxbKDPsRy+
w16BUrKxDx70B1cCib8bu7IGFmSw1cfpVO7Syx4vK4OWEh/L08uwKUNC/+h52tRv
EDjZPQGXLqhSQ0O/rdgZAR9gzAhiXCjHZgkfewtQi1RUpJFtSNIYolkCZtz67YL2
Qt9o9dw0GLRczd+722WAMT3zlkgXYG7oB2m6X8IlLp5CVDZprwqXLrsBOoB55EDJ
IRK7NEMxIrCLcmK4ba/NN3nMwPaDtdk2R7yslzCWS09eGBJ8CbmORlKOJtIzpQn0
tdS2SFpW9fvtp0aq5Zoh8uWJ
-END CERTIFICATE-

Re: [Gossip] certificate chain is incomplete

2016-01-09 Thread Yang Yu 
Yes no more warnings on android. Thanks for the quick fix.


Yang

On Sat, Jan 9, 2016 at 10:45 PM, Jeff Breidenbach  wrote:
> Thanks for the detailed report. I made some changes and now
> get a 'A' rating on the online test. Does this fix the Android
> problems?

___
Gossip mailing list
https://www.mail-archive.com/gossip@mail-archive.com
https://www.mail-archive.com/cgi-bin/mailman/options/gossip