[Dailydave] Open Source CA

Kristian Erik Hermansen kristian.hermansen at gmail.com
Fri Dec 4 12:37:56 EST 2015


It now means that the entire web can move to HTTPS by default and there are
no excuses for not having an HTTPS certificate any longer. Eg. When you
type www.whateversite.com into your browser, by default, an HTTPS
connection can be made instead. Unencrypted HTTP can die now. The issue of
backdoors in Certificate Authorities still exists though, because nation
state laws permit gov to obtain CA private keys and perform intermediation.
Therefore, we also need to ensure public key pinning and validation of
per-site certificates in order to identify rogue site certificates being
generated that were not issued by the site itself. Stay safe! :)
On Dec 4, 2015 8:40 AM, "Charisse Castagnoli" <charisse at charissec.com>
wrote:

> Because there are many smart people on this list, I ask how would you
> evaluate this just released tool:
>
> https://letsencrypt.org/
>
> I'm too old to read source code and cert/key gen is specialized knowledge
> in any case.
>
> Comments?
>
> charisse
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunityinc.com
> https://lists.immunityinc.com/mailman/listinfo/dailydave
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20151204/9136bd57/attachment.html>


More information about the Dailydave mailing list