Newsgroups: comp.lang.ada
Date: Wed, 18 Nov 2020 00:36:03 -0800 (PST)
In-Reply-To: <87wnykp05i.fsf@gaheris.vdwege.eu>
Message-ID: <04ead9b7-7c21-4b6c-a97d-1231884c1827n@googlegroups.com>
Subject: Re: SweetAda 0.1g released
From: Gabriele Galeotti

On Tuesday, November 17, 2020 at 2:50:05 PM UTC+1, Mart van de Wege wrote:
> Since we have the key fingerprints, and the certificate is the same,
> both connections are equally secure.
>
> Don't let yourself be frightened by the security theatre around
> certificates. The *only* thing they prove is that a private key that
> belongs to the name in the public key that was certified by a CA
> (Letsencrypt in this case) is on the server you're connecting to. That's
> all. There is nothing more the SSL/TLS protocols can prove.
>
> So the server answering to sweetada.org has access to the same key as
> the server answering to www.sweetada.org. And we know it's the same
> server. Since Letsencrypt certified that the key belonging to the
> www.sweetada.org certificate should be the one presented, and it is,
> that means both servers are equally 'secure'.
>
> Note that I said nothing about whether or not it is a malicious server
> or not; that's not something SSL/TLS can answer.
>
> So don't worry. We know about it, and letsencrypt should normally let
> you fix this easily.
> Mart
>
> --
> "We will need a longer wall when the revolution comes."
> --- AJS, quoting an uncertain source.

Thanks a lot Mart.
Anyway, to have a flag of a site not secure from the browser is aesthetically unpleasant, I'll try to slowly fix it in the future, no problem.

Best regards
G
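
Added example, not part of the original message or of the SweetAda project: the two checks discussed in this thread kept separate, a name match against the certificate's DNS names and a fingerprint comparison against a known certificate. The certificate bytes and the name list are constructed, and it is an assumption that the certificate names only www.sweetada.org.

```python
import hashlib


def dns_name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: exact, or '*' as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # A wildcard stands for exactly one label and never for the apex.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of the certificate bytes, as hex."""
    return hashlib.sha256(der).hexdigest()


def assess(host, san_dns_names, presented_der, known_fingerprint):
    """Return (name_ok, same_cert): two independent verdicts.

    name_ok   - what a browser checks before showing the padlock
    same_cert - what a manual fingerprint comparison establishes
    """
    name_ok = any(dns_name_matches(n, host) for n in san_dns_names)
    same_cert = fingerprint(presented_der) == known_fingerprint
    return name_ok, same_cert


# Constructed sample data (not taken from the real server).
CERT_DER = b"constructed stand-in for the server certificate bytes"
SAN = ["www.sweetada.org"]      # assumed: certificate names only the www host
KNOWN = fingerprint(CERT_DER)   # fingerprint recorded out of band

if __name__ == "__main__":
    for host in ("www.sweetada.org", "sweetada.org"):
        name_ok, same_cert = assess(host, SAN, CERT_DER, KNOWN)
        print(f"{host}: name_ok={name_ok} same_cert={same_cert}")
```

The apex host reports the same certificate but a failed name match, which is the condition the browser flags; a certificate that also lists sweetada.org makes both verdicts true.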