[Freedombox-discuss] CAs and cipher suites for cautious servers like FreedomBox
Eugen Leitl
eugen at leitl.org
Thu Sep 12 11:57:52 UTC 2013
On Thu, Sep 12, 2013 at 11:43:28AM +0100, Keith wrote:
> Anyone for setting up a Freedombox CA?
> This could be added to the freedombox as a trusted CA and usable for
> freedombox to freedombox TLS only.
A CA appears counterproductive. End users should use
self-signed certs, or each Freedombox issue contain
their own CA.
The only source of centralism is the Debian package
depository. Notice that the way Debian signing
secrets are currently maintained is not secure, and
would allow large scale attacks against the Freedombox
network.
Due to the information recently released, this is no
longer a remote possibility, but should be central
to the threat model.