News: Announce: SSL certificates renewed [Gna!]

News: Announce: SSL certificates renewed

Group

Main
- Main
- View Members
- Search
Homepage
Docs
- Browse
- Submit
- Edit
- Digest
- Export
- Search
- Savane In Depth Guide
Support
- Browse
- Reset to all open ones
- Submit
- Digest
- Export
- View Statistics
- Search
Mailing Lists
Source Code
- Use Subversion
- Browse Sources Repository
Tasks
- Browse
- Reset to all open ones
- Submit
- Digest
- Export
- View Statistics
- Search
News
- Browse
- Atom Feed
- Submit
- Manage

Show feedback again

Security Announce: SSL certificates renewed

Item posted by Mathieu Roy <yeupou> on Sun 15 Feb 2004 12:07:47 PM UTC.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SSL certificates for gna.org and mail.gna.org has been renewed for 1200 days.

These certificates are not signed by a real certificate authority: their purpose is not to confirm our identity but to provide you a way to be sure that https://gna.org and https://mail.gna.org today are running on the same machine they were yesterday. Also, certificates are required for an https server to run, and https is a way to secure all the data transiting between your computer and our servers, like authentication information.

Mathieu Roy <yeupou@gnu.org> for Gna!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAL2A4Nl9/9y2hmbkRAiPcAJ9Xiga+gQ3id7tXOSD/1Hb/P6U/XQCfTHMy
TfHV7PRmo+hxCvkaoAa5ces=
=e0N+
-----END PGP SIGNATURE-----

Comments:

Message: 108
RE: GPG signing (posted by yeupou, Mon 16 Feb 2004 06:55:35 PM UTC) 1) The signature is not valid because savane add < and > around email address and I had the bad idea to add my address. If you remove the < >, I bet it would be ok. 2) Getting an Savane account cracked is possible. I guess that a gpg key may be cracked too, however I think it is a way tougher job, if not impossible. Security announces should definitely rely on a very secure signature, like GPG, unlike being logged on Gna! Also, security announces at Gna! should not depends on the Gna! structure itself to confirm it is validity: if Gna! was cracked, it would be easy to make false announces if the checks on the announces are made with Gna! specific stuff itself. In this case, it would takes Gna! to be cracked and my own GPG key to be cracked, two things unlikely to happen at the same time.

Message: 108

RE: GPG signing (posted by yeupou, Mon 16 Feb 2004 06:55:35 PM UTC)

1) The signature is not valid because savane add < and > around email address and I had the bad idea to add my address.

If you remove the < >, I bet it would be ok.

2) Getting an Savane account cracked is possible. I guess that a gpg key may be cracked too, however I think it is a way tougher job, if not impossible. Security announces should definitely rely on a very secure signature, like GPG, unlike being logged on Gna! Also, security announces at Gna! should not depends on the Gna! structure itself to confirm it is validity: if Gna! was cracked, it would be easy to make false announces if the checks on the announces are made with Gna! specific stuff itself.
In this case, it would takes Gna! to be cracked and my own GPG key to be cracked, two things unlikely to happen at the same time.

Thread	Author	Date
GPG signing	zerodeux	Mon 16 Feb 2004 01:11:50 PM UTC
RE: GPG signing	yeupou	Mon 16 Feb 2004 06:55:35 PM UTC
RE: GPG signing	vincent3	Sun 19 May 2013 12:43:36 PM UTC
RE: GPG signing 2	yeupou	Mon 16 Feb 2004 07:01:47 PM UTC
RE: GPG signing 2	yeupou	Mon 16 Feb 2004 07:02:22 PM UTC
RE: GPG signing	jordearmess	Tue 23 Oct 2012 09:38:42 AM UTC

Post a followup to this message

You could post if you were logged in

Show feedback again