newsNews: Announce: SSL certificates renewed

Show feedback again
Latest News
Gna! closing soon posted by beuc, Tue Jan 31 22:31:06 2017 - 5 replies
mail subsystem upgraded posted by beuc, Sat May 23 18:17:18 2015 - 1 reply
dl/home/cvs/svn/ upgraded to debian8 posted by beuc, Thu May 21 22:12:23 2015 - 2 replies SSL certificate renewed posted by zerodeux, Thu Apr 24 07:13:06 2014 - 4 replies
Heartbleed status and measures posted by beuc, Wed Apr 9 09:47:29 2014 - 2 replies
[125 news in archive]

Security Announce: SSL certificates renewed

Item posted by Mathieu Roy <yeupou> on Sun Feb 15 12:07:47 2004.

Hash: SHA1

SSL certificates for and has been renewed for 1200 days.

These certificates are not signed by a real certificate authority: their purpose is not to confirm our identity but to provide you a way to be sure that and today are running on the same machine they were yesterday. Also, certificates are required for an https server to run, and https is a way to secure all the data transiting between your computer and our servers, like authentication information.

Mathieu Roy <> for Gna!
Version: GnuPG v1.2.4 (GNU/Linux)



Message: 108
RE: GPG signing (posted by yeupou, Mon Feb 16 18:55:35 2004)

1) The signature is not valid because savane add < and > around email address and I had the bad idea to add my address.

If you remove the < >, I bet it would be ok.

2) Getting an Savane account cracked is possible. I guess that a gpg key may be cracked too, however I think it is a way tougher job, if not impossible. Security announces should definitely rely on a very secure signature, like GPG, unlike being logged on Gna! Also, security announces at Gna! should not depends on the Gna! structure itself to confirm it is validity: if Gna! was cracked, it would be easy to make false announces if the checks on the announces are made with Gna! specific stuff itself.
In this case, it would takes Gna! to be cracked and my own GPG key to be cracked, two things unlikely to happen at the same time.

Thread Author Date
GPG signingzerodeuxMon Feb 16 13:11:50 2004
      RE: GPG signingyeupouMon Feb 16 18:55:35 2004
      RE: GPG signing 2yeupouMon Feb 16 19:01:47 2004
            RE: GPG signing 2yeupouMon Feb 16 19:02:22 2004


Post a followup to this message

You could post if you were logged in
Show feedback again

Back to the top

Powered by Savane 3.1-cleanup