Le dimanche 30 mars 2014 14:04:38, vous avez écrit : > you guys are talking about the website right ?
yeah (tried to make a joke, but couldn't find a good one... sorry !) > > 2014-03-30 13:26 GMT+02:00 Hugo Osvaldo Barrera <[email protected]>: > > On 2014-03-30 10:21, Stéphane Guedon wrote: > > > Le dimanche 30 mars 2014 07:33:55, vous avez écrit : > > > > I believe the opensmtp project is taking the right approach. > > > > Decisions about certification strategies are more business > > > > than > > > > technical, and, I suggest, the opensmtp project is not here to > > > > make > > > > business recommendations, even implicit ones. Wikipedia > > > > document > > > > some things to consider, including > > > > http://en.wikipedia.org/wiki/X.509#Security ‹ see problems > > > > with > > > > certificate authorities. > > > > > > I know some of the critics and agree with them. > > > But that remains : opensmtpd.org uses poolp.org certificates. > > > It's not good. > > > > Indeed. Not-using SSL would be one thing. A wrong cert is another. > > > > > > Having said that, I most certainly do not speak for the > > > > opensmtp > > > > project; indeed, I do not speak for anyone apart from me, and > > > > am > > > > most probably talking nonsense. > > > > > > > > If I were to use certificates that had to be trustable by > > > > strangers, I¹d use a certification authority from an > > > > established organisation whose business depended on them > > > > being trusted. By coincidence, I live in an international > > > > banking centre, so I¹ve a rich choice (ho ho). > > > > > > The project can also use Cacert. That makes much more sense, the > > > certificates are well signed, correspond to the actual address > > > the > > > person want to visit, and there's chance that an opensmtpd user > > > (because of free software mind / knowledges / enthousiasm) has > > > some > > > knowledge of cacert so either he trusts it already, or he knows > > > he can and how to do things... > > > > The huge downside with cacert is that no major browser or OS trust > > it. Even debian recently dropped it from it's bundle. So most > > users will get a rather unfriendly message from their browser. > > > > StartSSL's have all that you mention above, plus, trust from major > > browsers. They're free as well, of course. > > > > > > Dylan Harris > > > > Š a broad Brit abroad Š > > > > > > > > On 30/03/2014 04:40, "Hugo Osvaldo Barrera" <[email protected]> wrote: > > > > >On 2014-03-29 19:26, Stéphane Guedon wrote: > > > > >> Hello > > > > >> > > > > >> I don't like to behave like an asshole and say stupid > > > > >> things to > > > > >> cool peoples... but the ssl certs for opensmtpd.org are > > > > >> valid > > > > >> only for poolp.org. > > > > >> > > > > >> You don't use dnssec, neither good ssl certs ... ? > > > > >> > > > > >> Sorry for annoyement. > > > > > > > > > >Hit to the dev: StartSSL give out free SSL certificate that > > > > >are > > > > >trusted by all major browsers and OSs. That + SNI should fix > > > > >that. > > > > > > > > > >:) > > > > > > -- > > > You received this mail because you are subscribed to > > > [email protected] To unsubscribe, send a mail to: > > > [email protected]> > > -- > > Hugo Osvaldo Barrera > > A: No, it doesn't make sense. > > Q: Should I include quotations *after* my reply? -- You received this mail because you are subscribed to [email protected] To unsubscribe, send a mail to: [email protected]
