[Expired for pollinate (Ubuntu) because there has been no activity for
60 days.]
** Changed in: pollinate (Ubuntu)
Status: Incomplete => Expired
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Again, I think there are good reasons for pinning the certificate (I
agree with myself of ~14 months ago). Even better would be to use a
certificate generated by a private CA, so there's no third party that
can generate a malicious certificate that is trusted by the client. We
don't need a third
** Changed in: pollinate (Ubuntu)
Assignee: (unassigned) => Paride Legovini (paride)
--
https://bugs.launchpad.net/bugs/1895714
Title:
Investigate and remove CA pinning
For services that are not meant to be accessible by generic clients but
that are instead bound to a specific client, then I think the best
practice is to avoid the use of a public CA altogether, and rely on a
private CA pinned in the client. This removes the (possibly-not-)trusted
third party from
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: pollinate (Ubuntu)
Status: New => Confirmed
--
Original design principle: https://blog.dustinkirkland.com/2014/02/random-seeds-in-ubuntu-1404-lts-cloud.html
"""
Q: What about SSL compromises, or CA Man-in-the-Middle attacks?
A: We are mitigating that by bundling the public certificates in the client.
The pollinate package ships the
See also bug 1381359 - an example of a routine SRU updating the pin.