[Bug 772897] New: Consider switching from StartCom to a different CA
- From: "sysadmin" (GNOME Bugzilla) <bugzilla gnome org>
- To: gnome-infrastructure gnome org
- Subject: [Bug 772897] New: Consider switching from StartCom to a different CA
- Date: Thu, 13 Oct 2016 22:10:25 +0000
| Bug ID |
772897
|
| Summary |
Consider switching from StartCom to a different CA
|
| Classification |
Infrastructure
|
| Product |
sysadmin
|
| Version |
unspecified
|
| OS |
All
|
| Status |
NEW
|
| Severity |
minor
|
| Priority |
Normal
|
| Component |
Certificates
|
| Assignee |
sysadmin-maint@gnome.bugs
|
| Reporter |
userwithuid@gmail.com
|
| QA Contact |
sysadmin-maint@gnome.bugs
|
| GNOME version |
---
|
As you might have heard, recently, there has been quite the discussion about
the trustworthiness and future of WoSign, who (now not so secretly any more)
owns StartCom: https://wiki.mozilla.org/CA:WoSign_Issues
There has been talk (mozilla/google) and a little action (apple) about
distrusting WoSign certificates in some form, but I doubt they will block
current certs from StartCom - too many sites use them currently.
Nevertheless, if it was not already planned, I want to suggest *.gnome.org
switch to another certificate provider. The practical reason is that the
current cert expires 2017-03 and who knows if the renewed one will be trusted
everywhere? My personal reason is that I want this and other sites not to
support a -imho- bad CA and make it possible to eventually distrust everything
WoSign related without having too much stuff fail, but whatever. :-P One step
at a time: https://kernel.org/gandinet-tls-certificates.html
You are receiving this mail because:
- You are watching the QA Contact of the bug.
- You are watching the assignee of the bug.
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
