You guys are talking about the website, right?

2014-03-30 13:26 GMT+02:00 Hugo Osvaldo Barrera <[email protected]>:

> On 2014-03-30 10:21, Stéphane Guedon wrote:
> > On Sunday 30 March 2014 07:33:55, you wrote:
> > > I believe the opensmtp project is taking the right approach.
> > > Decisions about certification strategies are more business than
> > > technical, and, I suggest, the opensmtp project is not here to make
> > > business recommendations, even implicit ones. Wikipedia documents
> > > some things to consider, including
> > > http://en.wikipedia.org/wiki/X.509#Security - see problems with
> > > certificate authorities.
> >
> > I know some of the critics and agree with them.
> > But that remains: opensmtpd.org uses poolp.org certificates.
> > It's not good.
>
> Indeed. Not using SSL would be one thing. A wrong cert is another.
> >
> > > Having said that, I most certainly do not speak for the opensmtp
> > > project; indeed, I do not speak for anyone apart from me, and am
> > > most probably talking nonsense.
> > >
> > > If I were to use certificates that had to be trustable by strangers,
> > > I'd use a certification authority from an established organisation
> > > whose business depended on them being trusted. By coincidence, I
> > > live in an international banking centre, so I've a rich choice (ho
> > > ho).
> >
> > The project can also use Cacert. That makes much more sense, the
> > certificates are well signed, correspond to the actual address the
> > person wants to visit, and there's a chance that an opensmtpd user
> > (because of free software mind / knowledge / enthusiasm) has some
> > knowledge of cacert so either he trusts it already, or he knows he can
> > and how to do things...
>
> The huge downside with cacert is that no major browser or OS trusts
> it. Even Debian recently dropped it from its bundle. So most users will
> get a rather unfriendly message from their browser.
>
> StartSSL's have all that you mention above, plus, trust from major
> browsers. They're free as well, of course.
>
> >
> > > Dylan Harris
> > > … a broad Brit abroad …
> > >
> > > On 30/03/2014 04:40, "Hugo Osvaldo Barrera" <[email protected]> wrote:
> > > >On 2014-03-29 19:26, Stéphane Guedon wrote:
> > > >> Hello
> > > >>
> > > >> I don't like to behave like an asshole and say stupid things to
> > > >> cool people... but the ssl certs for opensmtpd.org are valid
> > > >> only for poolp.org.
> > > >>
> > > >> You don't use dnssec, nor good ssl certs ... ?
> > > >>
> > > >> Sorry for the annoyance.
> > > >
> > > >Hint to the dev: StartSSL gives out free SSL certificates that are
> > > >trusted by all major browsers and OSs. That + SNI should fix that.
> > > >:)
> >
> >
>
> --
> Hugo Osvaldo Barrera
> A: No, it doesn't make sense.
> Q: Should I include quotations *after* my reply?
>

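
Added example (not part of the thread and not code from the OpenSMTPD project): the name check a client applies to a certificate, and how SNI-based certificate selection on a shared IP address resolves the mismatch discussed above. The SAN lists, function names and the two deployments are constructed for illustration; they are not read from the real certificates.

```python
# Added example: RFC 6125-style hostname check plus SNI-based certificate selection.
# All SAN lists below are constructed sample data, not real certificate contents.

def name_matches(hostname, pattern):
    """Match one certificate DNS name (possibly a wildcard) against a hostname."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False                      # a wildcard covers exactly one label
    if pat[0] == "*":
        # wildcard must be the whole left-most label and not sit directly on a TLD
        return len(pat) > 2 and host[1:] == pat[1:]
    return "*" not in pattern and host == pat  # partial wildcards are rejected

def cert_valid_for(hostname, san_names):
    """Client side: accept only if some SAN entry covers the requested name."""
    return any(name_matches(hostname, n) for n in san_names)

def select_cert(sni, certs, default):
    """Server side: return the cert covering the SNI name, else the default cert."""
    if sni is not None:
        for san_names in certs:
            if cert_valid_for(sni, san_names):
                return san_names
    return default

POOLP = ["poolp.org", "*.poolp.org"]             # constructed SAN list
OPENSMTPD = ["opensmtpd.org", "www.opensmtpd.org"]  # constructed SAN list
BEFORE = [POOLP]              # one certificate served for every site on the IP
AFTER = [POOLP, OPENSMTPD]    # one certificate per site, chosen by SNI

def browser_accepts(hostname, certs, client_sends_sni=True):
    """Simulate one TLS handshake: server picks a cert, client checks the name."""
    sni = hostname if client_sends_sni else None
    presented = select_cert(sni, certs, default=POOLP)
    return cert_valid_for(hostname, presented)

if __name__ == "__main__":
    for label, certs in (("before", BEFORE), ("after", AFTER)):
        for host in ("poolp.org", "opensmtpd.org", "www.opensmtpd.org"):
            print(label, host, "accepted" if browser_accepts(host, certs) else "MISMATCH")
    # A client that sends no SNI still receives the default certificate.
    print("after, no SNI:", browser_accepts("opensmtpd.org", AFTER, client_sends_sni=False))
```
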