Date:      Thu, 08 May 2014 07:23:14 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        freebsd-questions@freebsd.org
Subject:   Re: svn https access
Message-ID:  <536B22D2.3060503@infracaninophile.co.uk>
In-Reply-To: <CAGBmCT6VdeTFBUFG_esE60XhYP7AR_1taRoAqgV3u0ShXbh2yA@mail.gmail.com>
References:  <CAGBmCT6VdeTFBUFG_esE60XhYP7AR_1taRoAqgV3u0ShXbh2yA@mail.gmail.com>


On 07/05/2014 21:46, pete wright wrote:
> loading that site in firefox gives a warning indicating that the CA is
> not registered as well.  is this done on purpose?  kind of hesitant to
> enable pkg fingerprints on my nodes if i could be using a potentially
> forged fingerprint.

In principle, now that freebsd.org is DNSSEC enabled, any SSL key can be
securely identified as belonging to the FreeBSD project by including a
key digest in the DNS.  See RFC 6698.

However I can't seem to find any TLSA records associated with
'svn.freebsd.org' or 'svn0.us-east.freebsd.org' [*] or
'svnmir.nyi.freebsd.org'.

This method has the advantage that you don't need to spend money buying
certs from CAs.  However, support in browsers and other software is
going to be patchy at best, so manual verification will be necessary.

	Cheers,

	Matthew

[*] A CNAME, so there couldn't be a TLSA record anyhow.

-- 
Dr Matthew J Seaman MA, D.Phil.

PGP: http://www.infracaninophile.co.uk/pgpkey
JID: matthew@infracaninophile.co.uk
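
Added example, not part of the original message or of any FreeBSD tooling: Python for the manual verification mentioned above, deriving the RFC 6698 certificate association data from a DER certificate and comparing it with a TLSA record's hex field. The function names are this example's own, and the sample certificate is a constructed DER skeleton rather than a real one.

```python
import hashlib

def tlsa_owner(host, port=443, proto="tcp"):
    """RFC 6698 section 3: TLSA records live at _port._proto.host."""
    return f"_{port}._{proto}.{host.rstrip('.')}."

def _tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, content_start, end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                    # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def spki_der(cert):
    """Slice the DER SubjectPublicKeyInfo out of an X.509 certificate."""
    _, pos, _ = _tlv(cert, 0)            # Certificate SEQUENCE
    _, pos, tbs_end = _tlv(cert, pos)    # tbsCertificate SEQUENCE
    tag, _, nxt = _tlv(cert, pos)
    if tag == 0xA0:                      # optional [0] version field
        pos = nxt
    for _field in range(5):              # serial, signature, issuer, validity, subject
        _, _, pos = _tlv(cert, pos)
    tag, _, end = _tlv(cert, pos)
    if tag != 0x30 or end > tbs_end:
        raise ValueError("SubjectPublicKeyInfo not found")
    return cert[pos:end]

def tlsa_data(cert, selector, mtype):
    """Selector 0=full cert, 1=SPKI; matching type 0=exact, 1=SHA-256, 2=SHA-512."""
    if selector not in (0, 1) or mtype not in (0, 1, 2):
        raise ValueError("unsupported selector or matching type")
    blob = cert if selector == 0 else spki_der(cert)
    return blob if mtype == 0 else hashlib.new(("sha256", "sha512")[mtype - 1], blob).digest()

def tlsa_matches(cert, selector, mtype, data_hex):
    return tlsa_data(cert, selector, mtype) == bytes.fromhex(data_hex)

# Constructed sample: a DER skeleton shaped like a certificate, not a real one.
def _enc(tag, body=b""):
    n = len(body)
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x81, n])) + body

ALG = _enc(0x30, bytes.fromhex("06032b6570"))
SAMPLE_SPKI = _enc(0x30, ALG + _enc(0x03, b"\x00" + bytes(range(32))))
TBS = _enc(0x30, _enc(0xA0, b"\x02\x01\x02") + _enc(0x02, b"\x01") + ALG + _enc(0x30) * 3 + SAMPLE_SPKI)
SAMPLE_CERT = _enc(0x30, TBS + ALG + _enc(0x03, b"\x00" + bytes(64)))
```

The comparison only means something if the TLSA answer itself was DNSSEC-validated, so the record should be fetched through a validating resolver before its hex field is passed to tlsa_matches().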





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?536B22D2.3060503>