Hi Nik,
You're right that the comment wasn't helpful - I used the same comment
for every server that scored "F".
I'll reply more later - just running out the door here.
Peter
On 8/24/14, 8:32 AM, Nikolaus Polak wrote:
Hello,
I've no problem with the removal of 0nl1ne.at from the xmpp.net index,
the only thing I wanted to tell public to stpeter: the comment is wrong,
"insecure server" would mean that I failed to generate a new private key
and a new certificate.
(Link to commit:
https://github.com/stpeter/xmppdotnet/commit/3536374e66864f0a366775388455d6d374005af6
)
As already written on this mailing list, StartSSL refused to renew my
0nl1ne.at certificate because of the name (I could try to fool
online.at-Users), which I understand partly.
I tried to switch to CaCert: but then 30% of S2S wasn't working after
that because of their new signing method, which I also discussed on this
mailing list, and nobody got until now a solution for that.
Perhaps you should remove all with certs older than a few months too
from the index (easy: at least all CaCert signed which still have
perfectly working S2S ;)), as not renewing after heartbleed is really,
really insecure.
I even paid for revoking all my other certs on startssl.com, guess there
are not much people out there who do this for a free service.
Sorry for this "small rant", with best regards,
Nik
