[Freedombox-discuss] CAs and cipher suites for cautious servers like FreedomBox

Keith keith at fernie.eu
Thu Sep 12 15:44:31 UTC 2013


With a CA on each freedombox there need not be a requirement for a
server.

If my understanding of Tor is right, it is designed for anonymity, not
encryption, and should not need a CA for this.

On Thu, 2013-09-12 at 07:18 -0700, cgw993 at aol.com wrote:
> Would a CA require a fast server, a lot of available bandwidth etc.? Does
> Tor use a CA?
> 
> -----Original Message-----
> From: Freedombox-discuss
> [mailto:freedombox-discuss-bounces+cgw993=aol.com at lists.alioth.debian.org]
> On Behalf Of Keith
> Sent: Thursday, September 12, 2013 3:43 AM
> To: Jonas Smedegaard
> Cc: freedombox-discuss at lists.alioth.debian.org
> Subject: Re: [Freedombox-discuss] CAs and cipher suites for cautious servers
> like FreedomBox
> 
> Anyone for setting up a Freedombox CA?
> This could be added to the freedombox as a trusted CA and usable for
> freedombox to freedombox TLS only.
> 
> 
> On Thu, 2013-09-12 at 11:10 +0200, Jonas Smedegaard wrote:
> > Which TLS certificate authorities (CA) should we trust?
> > 
> > Which cipher suites should we tolerate?
> > 
> > Ideally the answers are "none" and "only strong ones".  But what is 
> > more relevant to discuss is *realistic* answers (we can then tighten 
> > in later revisions):
> > 
> > Which CAs and cipher suites are sensible to use - for now?
> > 
> > 
> > I imagine there is no "one size fits all".  That e.g. serving blog 
> > pages should be more pragmatic about [legacy systems] than Plinth 
> > admin pages or other [specific applications].
> > 
> > Would be nice if those knowledgeable about crypto could propose a 
> > shortlist of purposes, and corresponding CAs and cipher suites.
> > 
> > We could use such shortlists to verify Plinth code, Apache setup, 
> > ca-certificates package configuration etc.
> > 
> > Anyone knowledgeable about crypto that can help out?
> > 
> > 
> >  - Jonas
> > 
> > 
> > [specific applications]: The Guardian Project currently discuss choice 
> > of cipher suites for OTR in their (smartphone) applications:
> > https://lists.mayfirst.org/pipermail/guardian-dev/2013-September/002504.html
> > 
> > [legacy systems]: CAcert.org discusses BEAST vs. RC4 impacting MacOS X: 
> > https://lists.cacert.org/wws/arc/cacert/2013-09/msg00002.html
> > 
> > _______________________________________________
> > Freedombox-discuss mailing list
> > Freedombox-discuss at lists.alioth.debian.org
> > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss




