ok, well there's no such thing as https://www.opensmtpd.org, I will
make sure nginx does not redirect to poolp.org in such case


On Sun, Mar 30, 2014 at 08:10:31PM +0200, Stéphane Guedon wrote:
> On Sunday 30 March 2014 14:04:38, you wrote:
> > you guys are talking about the website right ?
> 
> yeah (tried to make a joke, but couldn't find a good one... sorry !)
> 
> > 
> > 2014-03-30 13:26 GMT+02:00 Hugo Osvaldo Barrera <[email protected]>:
> > > On 2014-03-30 10:21, Stéphane Guedon wrote:
> > > > On Sunday 30 March 2014 07:33:55, you wrote:
> > > > > I believe the opensmtp project is taking the right approach.
> > > > > Decisions about certification strategies are more business than
> > > > > technical, and, I suggest, the opensmtp project is not here to make
> > > > > business recommendations, even implicit ones. Wikipedia documents
> > > > > some things to consider, including
> > > > > http://en.wikipedia.org/wiki/X.509#Security - see problems with
> > > > > certificate authorities.
> > > > 
> > > > I know some of the critics and agree with them.
> > > > But that remains : opensmtpd.org uses poolp.org certificates.
> > > > It's not good.
> > > 
> > > Indeed. Not-using SSL would be one thing. A wrong cert is another.
> > > 
> > > > > Having said that, I most certainly do not speak for the opensmtp
> > > > > project; indeed, I do not speak for anyone apart from me, and am
> > > > > most probably talking nonsense.
> > > > > 
> > > > > If I were to use certificates that had to be trustable by
> > > > > strangers, I'd use a certification authority from an
> > > > > established organisation whose business depended on them
> > > > > being trusted. By coincidence, I live in an international
> > > > > banking centre, so I've a rich choice (ho ho).
> > > > 
> > > > The project can also use Cacert. That makes much more sense, the
> > > > certificates are well signed, correspond to the actual address the
> > > > person wants to visit, and there's a chance that an opensmtpd user
> > > > (because of free software mind / knowledge / enthusiasm) has some
> > > > knowledge of cacert so either he trusts it already, or he knows
> > > > he can and how to do things...
> > > 
> > > The huge downside with cacert is that no major browser or OS trusts
> > > it. Even Debian recently dropped it from its bundle. So most
> > > users will get a rather unfriendly message from their browser.
> > > 
> > > StartSSL's have all that you mention above, plus, trust from major
> > > browsers. They're free as well, of course.
> > > 
> > > > > Dylan Harris
> > > > > ?? a broad Brit abroad ??
> > > > > 
> > > > > > On 30/03/2014 04:40, "Hugo Osvaldo Barrera" <[email protected]> wrote:
> > > > > > >On 2014-03-29 19:26, Stéphane Guedon wrote:
> > > > > >> Hello
> > > > > >> 
> > > > > > >> I don't like to behave like an asshole and say stupid things to
> > > > > > >> cool people... but the ssl certs for opensmtpd.org are valid
> > > > > > >> only for poolp.org.
> > > > > > >> 
> > > > > > >> You don't use dnssec, neither good ssl certs ... ?
> > > > > > >> 
> > > > > > >> Sorry for the annoyance.
> > > > > >
> > > > > > >Hint to the dev: StartSSL gives out free SSL certificates that are
> > > > > > >trusted by all major browsers and OSs. That + SNI should fix that.
> > > > > >
> > > > > >:)
> > > > 
> > > > --
> > > > You received this mail because you are subscribed to [email protected]
> > > > To unsubscribe, send a mail to: [email protected]
> > > > 
> > > --
> > > Hugo Osvaldo Barrera
> > > A: No, it doesn't make sense.
> > > Q: Should I include quotations *after* my reply?
> 

-- 
Gilles Chehade

https://www.poolp.org                                          @poolpOrg
