[Freedombox-discuss] CAs and cipher suites for cautious servers like FreedomBox
Eugen Leitl
eugen at leitl.org
Fri Sep 13 06:01:23 UTC 2013
On Thu, Sep 12, 2013 at 04:44:31PM +0100, Keith wrote:
> With a CA on each freedombox there need not be a requirement for a
> server.
>
> If my understanding of Tor is right, it is designed for anonymity, not
> encryption, should not need a CA for this.
Can you get PFS with snakeoil (I presume these are generated during
the installation, is there at all enough entropy at that time so
this is safe?) certs?
Postfix and dovecot in newer versions can do PFS:
http://www.heinlein-support.de/blog/security/perfect-forward-secrecy-pfs-fur-postfix-und-dovecot/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20130913/a7efa6c7/attachment.sig>
More information about the Freedombox-discuss
mailing list