>
> I am not sure what Kyle means by "encryption hides attacks".
Interfaces designed for humans are frequent targets for attack. Network
monitoring tools are incredibly helpful for identifying compromised
machines, bots, and humans trying to bust in. So yes, encryption does hide
attack activity
PS: If one single server (or group of identical servers, horizontally
scaled) needs to respond to multiple hostnames, I would use a single SAN
cert with multiple hostnames.
If multiple entirely different servers just happen to be different *.
university.edu -- I would not use a SAN cert or a
There's no reason you _need_ to use a wildcard cert for many hosts. You can
use a separate cert for each. The reason people prefer a wildcard cert is
because it was a pain to _get_ and keep track of all those certs.
letsencrypt archicture encourages you to just do that. The certs are
for Libraries [mailto:CODE4LIB@LISTS.CLIR.ORG] On Behalf Of William
Denton
Sent: Monday, June 19, 2017 1:57 PM
To: CODE4LIB@LISTS.CLIR.ORG
Subject: Re: [CODE4LIB] [lita-l] Public institutions using Let's Encrypt for
security certificates?
On 18 June 2017, Jonathan Rochkind wrote:
> I'm actually hav
I almost wrote it wouldn't work, but what works always depends on the
particulars of your situation. For example, depending on how many domains
you need and what mechanisms you're using, you might be able to use Subject
Alternative Name (SAN) certificates to mitigate the lack of a wildcard
In my experience, it has become very easy to setup renewal. It has gotten
easier with every release.
Cary
On Mon, Jun 19, 2017 at 7:55 AM Kyle Breneman
wrote:
> Thanks for chiming in, Kyle. I think, in your second-to-last sentence, you
> were about to say
Here's a thread about per-TLD rate limits being a problem for universities;
it seems per a post at the end of that thread that letsencrypt might exempt
your institution from ratelimits, but an official agent of the university
needs to submit the request:
Thanks for that detailed and interesting reply, Jonathan.
On Sun, Jun 18, 2017 at 12:35 PM, Jonathan Rochkind
wrote:
> Just to clarify, by "Commercial certificates offer stronger proof of
> identity", you mean an "Extended Validation" (EV) certificate.
>
Just to clarify, by "Commercial certificates offer stronger proof of
identity", you mean an "Extended Validation" (EV) certificate.
https://en.wikipedia.org/wiki/Extended_Validation_Certificate
If you are getting a 'commercial certificate' that is a standard 'domain
validated' cert instead of an
We are starting to roll out LetsEncrypt for all of our services and clients who
do not use or want commercial certificates.
Note that LetsEncrypt offers only domain authentication, in most cases
specifically validated by your control of the server. Commercial certificates
offer stronger proof
10 matches
Mail list logo