[Freedombox-discuss] CAs and cipher suites for cautious servers like FreedomBox

cgw993 at aol.com cgw993 at aol.com
Thu Sep 12 14:18:10 UTC 2013


Would a CA require a fast server, a lot of available bandwidth etc?   Does
Tor use a CA?

-----Original Message-----
From: Freedombox-discuss
[mailto:freedombox-discuss-bounces+cgw993=aol.com at lists.alioth.debian.org]
On Behalf Of Keith
Sent: Thursday, September 12, 2013 3:43 AM
To: Jonas Smedegaard
Cc: freedombox-discuss at lists.alioth.debian.org
Subject: Re: [Freedombox-discuss] CAs and cipher suites for cautious servers
like FreedomBox

Anyone for setting up a Freedombox CA?
This could be added to the freedombox as a trusted CA and usable for
freedombox to freedombox TLS only.


On Thu, 2013-09-12 at 11:10 +0200, Jonas Smedegaard wrote:
> Which TLS certificate authorities (CA) should we trust?
> 
> Which cipher suites should we tolerate?
> 
> Ideally the answers are "none" and "only strong ones".  But what is 
> more relevant to discuss is *realistic* answers (we can then tighten 
> in later
> revisions):
> 
> Which CAs and cipher suites are sensible to use - for now?
> 
> 
> I imagine there is no "one size fits all".  That e.g. serving blog 
> pages should be more pragmatic about [legacy systems] than Plinth 
> admin pages or other [specific applications].
> 
> Would be nice if those knowledgeable about crypto could propose a 
> shortlist of purposes, and corresponding CAs and cipher suites.
> 
> We could use such shortlists to verify Plinth code, Apache setup, 
> ca-certificates package configuration etc.
> 
> Anyone knowledgeable about crypto that can help out?
> 
> 
>  - Jonas
> 
> 
> [speficic applications]: The Guardian Project currently discuss choice 
> of cipher suites for OTR in their (smartphone) applications:
> https://lists.mayfirst.org/pipermail/guardian-dev/2013-September/00250
> 4.html
> 
> [legacy systems]: CAcert.org discusses BEAST vs. RCA4 impacting MacOS X: 
> https://lists.cacert.org/wws/arc/cacert/2013-09/msg00002.html
> 
> _______________________________________________
> Freedombox-discuss mailing list
> Freedombox-discuss at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-dis
> cuss



_______________________________________________
Freedombox-discuss mailing list
Freedombox-discuss at lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss




More information about the Freedombox-discuss mailing list