
Security Announce: SSL certificates renewed

Item posted by Mathieu Roy <yeupou> on Sun 15 Feb 2004 12:07:47 PM UTC.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SSL certificates for gna.org and mail.gna.org has been renewed for 1200 days.

These certificates are not signed by a real certificate authority: their purpose is not to confirm our identity but to provide you a way to be sure that https://gna.org and https://mail.gna.org today are running on the same machine they were yesterday. Also, certificates are required for an https server to run, and https is a way to secure all the data transiting between your computer and our servers, like authentication information.

Mathieu Roy <yeupou@gnu.org> for Gna!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAL2A4Nl9/9y2hmbkRAiPcAJ9Xiga+gQ3id7tXOSD/1Hb/P6U/XQCfTHMy
TfHV7PRmo+hxCvkaoAa5ces=
=e0N+
-----END PGP SIGNATURE-----
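
The continuity check the announcement describes is trust on first use: remember the certificate seen earlier and compare on later visits, which means a legitimate renewal looks the same as a swapped certificate unless the new fingerprint is confirmed out of band. The Python sketch below is an added example, not part of the original announcement or of Gna!'s tooling. The function names, the in-memory pin store and the byte strings are hypothetical, and since the announcement publishes no fingerprint, `announced_fp` is assumed to come from a separately verified source.

```python
import hashlib
import hmac
import ssl

def fetch_der(host: str, port: int = 443) -> bytes:
    """Fetch the server certificate without CA validation (self-signed case)."""
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)

def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER bytes, lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()

def check_pin(pins: dict, host: str, der_cert: bytes) -> str:
    """Trust on first use: pin the first certificate seen, then compare."""
    fp = fingerprint(der_cert)
    if host not in pins:
        pins[host] = fp
        return "first-use"
    return "match" if hmac.compare_digest(pins[host], fp) else "changed"

def accept_renewal(pins: dict, host: str, der_cert: bytes, announced_fp: str) -> bool:
    """Re-pin only if the new certificate matches a fingerprint obtained out
    of band (assumption: taken from an announcement whose signature verified)."""
    wanted = announced_fp.replace(":", "").replace(" ", "").lower()
    fp = fingerprint(der_cert)
    if not hmac.compare_digest(fp, wanted):
        return False
    pins[host] = fp
    return True

# Constructed stand-ins for DER certificate bytes (not real certificates).
OLD_CERT = b"constructed-old-certificate"
NEW_CERT = b"constructed-renewed-certificate"
ROGUE_CERT = b"constructed-unexpected-certificate"

def demo() -> list:
    pins = {}
    announced = fingerprint(NEW_CERT).upper()  # as if read from a verified notice
    return [
        check_pin(pins, "gna.org", OLD_CERT),   # first-use
        check_pin(pins, "gna.org", OLD_CERT),   # match
        check_pin(pins, "gna.org", NEW_CERT),   # changed: renewal looks like a swap
        accept_renewal(pins, "gna.org", ROGUE_CERT, announced),  # False
        accept_renewal(pins, "gna.org", NEW_CERT, announced),    # True
        check_pin(pins, "gna.org", NEW_CERT),   # match after re-pin
    ]

if __name__ == "__main__":
    print(demo())
```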

Comments:

Message: 108
RE: GPG signing (posted by yeupou, Mon 16 Feb 2004 06:55:35 PM UTC)

1) The signature is not valid because Savane adds < and > around email addresses and I had the bad idea to add my address.

If you remove the < >, I bet it would be ok.

2) Getting a Savane account cracked is possible. I guess that a GPG key may be cracked too; however, I think it is a way tougher job, if not impossible. Security announcements should definitely rely on a very secure signature, like GPG, unlike being logged on Gna! Also, security announcements at Gna! should not depend on the Gna! structure itself to confirm their validity: if Gna! was cracked, it would be easy to make false announcements if the checks on the announcements are made with Gna!-specific stuff itself.
In this case, it would take Gna! to be cracked and my own GPG key to be cracked, two things unlikely to happen at the same time.

Thread | Author | Date
GPG signing | zerodeux | Mon 16 Feb 2004 01:11:50 PM UTC
      RE: GPG signing | yeupou | Mon 16 Feb 2004 06:55:35 PM UTC
      RE: GPG signing 2 | yeupou | Mon 16 Feb 2004 07:01:47 PM UTC
            RE: GPG signing 2 | yeupou | Mon 16 Feb 2004 07:02:22 PM UTC

 
