From: Gabriele Galeotti <gabriele.galeotti.xyz@gmail.com>
Subject: Re: SweetAda 0.1g released
Date: Wed, 18 Nov 2020 00:36:03 -0800 (PST) [thread overview]
Message-ID: <04ead9b7-7c21-4b6c-a97d-1231884c1827n@googlegroups.com> (raw)
In-Reply-To: <87wnykp05i.fsf@gaheris.vdwege.eu>
On Tuesday, November 17, 2020 at 2:50:05 PM UTC+1, Mart van de Wege wrote:
> Since we have the key fingerprints, and the certificate is the same,
> both connection are equally secure.
>
> Don't let yourself be frightened by the security theatre around
> certificates. The *only* thing they prove is that a private key that
> belongs to the name in the public key that was certified by a CA
> (Letsencrypt in this case) is on the server you're connecting to. That's
> all. There is nothing more the SSL/TLS protocols can prove.
>
> So the server answering to sweetada.org has access to the same key as
> the server answering to www.sweetada.org. And we know it's the same
> server. Since Letsencrypt certified that the key belonging to the
> www.sweetada.org certificate should be the one presented, and it is,
> that means both servers are equally 'secure'.
>
> Note that I said nothing about whether or not it is a malicious server
> or not; that's not something SSL/TLS can answer.
>
> So don't worry. We know about it, and letsencrypt should normally let
> you fix this easily.
> Mart
>
> --
> "We will need a longer wall when the revolution comes."
> --- AJS, quoting an uncertain source.
Thanks a lot Mart.
Anyway, to have a flag of a site not secure from the browser is aesthetically unpleasant,
I'll try to slowly fix it in the future, no problem.
Best regards
G
next prev parent reply other threads:[~2020-11-18 8:36 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-15 21:16 SweetAda 0.1g released Gabriele Galeotti
2020-11-16 11:52 ` Stéphane Rivière
2020-11-16 14:32 ` Gabriele Galeotti
2020-11-16 20:51 ` Keith Thompson
2020-11-16 21:37 ` Gabriele Galeotti
2020-11-17 8:27 ` Mart van de Wege
2020-11-17 10:49 ` Gabriele Galeotti
2020-11-17 13:45 ` Mart van de Wege
2020-11-18 8:36 ` Gabriele Galeotti [this message]
2020-11-17 18:48 ` DrPi
2020-11-18 8:38 ` Gabriele Galeotti
2020-11-18 18:18 ` DrPi
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox