[cfarm-users] SSH key fingerprints for gcc farm machine
Ben Laurie
ben at links.org
Mon May 6 21:11:57 CEST 2019
On Mon, 6 May 2019 at 06:10, Martin Guy via cfarm-users <
cfarm-users at lists.tetaneutral.net> wrote:
> On 05/05/2019, Jeffrey Walton via cfarm-users
> <cfarm-users at lists.tetaneutral.net> wrote:
> > On Sun, May 5, 2019 at 2:55 PM Olly Betts via cfarm-users
> > <cfarm-users at lists.tetaneutral.net> wrote:
> >> But even a list on an https protected web page seems better than just
> >> having to trust on first use.
> >
> > +1, trusted distribution channels.
>
> Just a technical mini-point: https is cracked. There are hundreds of
> "trusted" certificare issuers, including, for example, the Library of
> Budapest. To man-in-the-middle an https transaction, you only need to
> corrupt one of the "trusted" CIs, issue falsies. With hundreds to
> choose from it's a doddle, and the NSA has millions in budget for
> exactly that purpose!
>
> I was always worried about the "certificate issuer" thing. And it
> turns out I was right!
>
https://www.certificate-transparency.org/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.tetaneutral.net/pipermail/cfarm-users/attachments/20190506/3c51b33d/attachment.html>
More information about the cfarm-users
mailing list