[Debian-l10n-devel] SSL support for the services on i18n.debian.net
Hideki Yamane
henrich at debian.or.jp
Thu Aug 7 13:38:34 UTC 2008
On Thu, 7 Aug 2008 14:34:24 +0200
Christian Perrier <bubulle at debian.org> wrote:
> > I think Self-Signed SSL Certification is evil (and some web browsers -
> > for example - Iceweasel, Epiphany, Konqueror and Firefox warn to us) and
> > not enough to trust... do you have a plan to improve this issue?
>
>
> Certainly an interesting suggestion, thanks for this.
>
> Felipe, Nicolas and I will talk with the Debian admin team in order to
> get a more "valid" certificate for i18n.d.n
Great :-)
and I would ask Debian admin team (DSA) to check all of HTTPS site
related to Debian not to use Self-Signed SSL Certification.
It's hard, but...
* "Trust" is important.
* We cannot buy "Trust".
* But it's easy to destroy "Trust". Self-Signed SSL Certification is one of them.
Debian is based on many people's Trust, I think. So if we use https,
we must use valid Certification for that.
And surely you know that,
"Multiple DNS implementations vulnerable to cache poisoning" is coming...
http://www.kb.cert.org/vuls/id/800113
If we trust any Self-Signed SSL Certification, we will be cheated...easily.
We should avoid such thing.
# if we does not have enough money for SSL Certification, I'll ask
Debian people in Japan (include me) to donate... hehe ;-)
--
Regards,
Hideki Yamane henrich @ debian.or.jp/iijmio-mail.jp
http://wiki.debian.org/HidekiYamane
More information about the Debian-l10n-devel
mailing list