[Bug 772897] New: Consider switching from StartCom to a different CA

Bug ID 772897
Summary Consider switching from StartCom to a different CA
Classification Infrastructure
Product sysadmin
Version unspecified
OS All
Status NEW
Severity minor
Priority Normal
Component Certificates
Assignee sysadmin-maint@gnome.bugs
Reporter userwithuid@gmail.com
QA Contact sysadmin-maint@gnome.bugs
GNOME version ---

As you might have heard, recently, there has been quite the discussion about
the trustworthiness and future of WoSign, who (now not so secretly any more)
owns StartCom: https://wiki.mozilla.org/CA:WoSign_Issues

There has been talk (mozilla/google) and a little action (apple) about
distrusting WoSign certificates in some form, but I doubt they will block
current certs from StartCom - too many sites use them currently.

Nevertheless, if it was not already planned, I want to suggest *.gnome.org
switch to another certificate provider. The practical reason is that the
current cert expires 2017-03 and who knows if the renewed one will be trusted
everywhere? My personal reason is that I want this and other sites not to
support a -imho- bad CA and make it possible to eventually distrust everything
WoSign related without having too much stuff fail, but whatever. :-P One step
at a time: https://kernel.org/gandinet-tls-certificates.html

You are receiving this mail because:

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]