Discuss mailing list

[Erich Eckner <opennic AT eckner.net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

I know, that creating properly trusted ssl certificates for opennic 
domains is (currently) impossible. But I'd still like to urge the operator 
of reg.libre to add the reg.libre vhost backend also on https (on any 
certificate). Because, currently, one is forced to use http://reg.libre, 
because https://reg.libre brings up the content from a different vhost 
(after ignoring to the unavoidable certificate warning/error).

I think, using https with a broken certificate is still safer than using 
no https at all - it withstands passive eavesdropping, and also one can 
use tofu to pin the certificate after first use.

btw: This might be true for other sites within opennic's namespace, so 
maybe everyone running sites which handle secret data (e.g. login 
credentials) may want to check their config too :-)

cheers,
Erich

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE3p92iMrPBP64GmxZCu7JB1Xae1oFAl7Hos4ACgkQCu7JB1Xa
e1q43w//TcAlrpHK6oiIyGsJMYbqt09vCYJlHNEKPDORllGqWsM9z349rO6GtJLo
JQKevfO+xUSVC1SfK7v+KtnFHKjzybId1lV2Zh9PzYTIJn9Z1ix/xFwfkgpYhY7Y
YRtDfCoNBA5Z70qXzlSBm7Qx1FARwskdu4VCbQhyCKgYPjWEiJPxANUwuattUBqC
U2OamleBSRPqCdkxFiX3sNmljzuug1Vxbu+N90qLcnA4TIDeUVZS6D5JaP05+UCh
oY333+oU2CEymY85YncIRbvf1hu2MPg1bwrwjYU7lQkSXrSTT48jjwwduzeobiO6
aUPA7403iWTBQex2b+MsriJWJ4XwldbPM2keFUwzORm2QJ5cUdxMftblCc88P/Bn
p9ch6Pv8CnO6djndPiK4yvz3PJNb5xFURJttknjsy0Vy+Jiw7AlUwJ4Dvt49zdj5
96SdM80wleL9JDjreXi9W0w/DjCTIHHFrt3greYTc7nb1bFtQ3Xanf8DBOD8YwPX
rUHS68MORsbc8+5wN0ZQSOv2/y2x6X9a4rbCqwTQQMzs5WEfUsMwWd+w0fxf+RFe
Hsi9ucXEoVuT24R6eTXZWTuUlCgSpTeRHzku9t2l6DfycvZGeXzQh/bQoDnCBenu
m2M/TDOia1EaTgngqzOqdg523MUXyyaPD3TFtCkbc2Gn7s7EAxg=
=/ldp
-----END PGP SIGNATURE-----