33 Years of the Digest ... founded August 21, 1981
Copyright © 2015 E. William Horne. All Rights Reserved.
The Telecom Digest for Jun 22, 2015
"Thank God, under our Constitution there was no connection between church and state."
James K. Polk
See the bottom of this issue for subscription and archive details.
Date: Sat, 20 Jun 2015 09:54:00 +0200
From: Marc Haber <email@example.com>
Subject: Re: Let's Encrypt
"John Levine" <firstname.lastname@example.org> wrote:
>>I've been reading about Let's Encrypt for a while. I understand that a
>>fair amount of their trust that you are who you say you are is by
>>demonstrating you have control over your DNS records. I look forward
>>to something like this. I've been using self-signed certificates for
>>years to get encryption (like on the squirrelmail client I'm writing
>>this on), but have to deal with the security warnings and explain to
>>other people that it's ok.
>If you're willing to deal with the normal cert config hassle, Startssl
>issues certs for free, and their CA is in
>most current browsers so there's no warnings. They validate you by
>sending email to either a WHOIS contact, or a standard contact
>address such as webmaster@domain. Takes about 15 minutes.
They will also only allow you to renew the certificate in a
ridiculously short time window before the old cert expires, and they
will charge a rather stiff fee for a revocation. They didn't waive
that fee when the Heartbleed bug compromised most certificates on the
They thus do a rather good job in reducing overall security.
-- 
------------------ !! No courtesy copies, please !! ------------------
Marc Haber         | " Questions are the         | Mail address in header
Mannheim, Germany  | Beginning of Wisdom "       | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834
Date: Sun, 21 Jun 2015 00:48:10 -0400
From: tlvp <mPiOsUcB.EtLlLvEp@att.net>
To: email@example.com.
Subject: Impending demise of GSM foreseen
Message-ID: <firstname.lastname@example.org>

The attention-grabbing headline may focus on 2017, but that turns out
to be a bit premature, or simply alarmist click-bait: read the whole
article, "GSM wireless will die in 2017, and that's bad news for older
devices", at
http://www.pcworld.com/article/2935952/gsm-switch-off-good-news-for-phone-users-not-for-connected-devices.html .

Enjoy. Cheers, -- tlvp
-- 
Before replying, throw out the trash, please.
Date: Thu, 18 Jun 2015 11:41:00 -0500
From: Doug McIntyre <email@example.com>
To: firstname.lastname@example.org.
Subject: Re: Let's Encrypt
Message-ID: <76adnSYzFscBaR_InZ2dnUU7-dudnZ2d@giganews.com>

"Harold Hallikainen" <email@example.com> writes:
>I've been reading about Let's Encrypt for a while. I understand that a
>fair amount of their trust that you are who you say you are is by
>demonstrating you have control over your DNS records. I look forward
>to something like this. I've been using self-signed certificates for
>years to get encryption (like on the squirrelmail client I'm writing
>this on), but have to deal with the security warnings and explain to
>other people that it's ok.

As somebody else mentioned, StartSSL offers domain-validated SSL certs
for free right now. Their interface isn't the most user friendly, but
it is functional. The main twist for letsencrypt is it is backed by the
EFF & Mozilla and they will apparently have a one-click solution to
"just turn it on".

Right now in the market, there are 3 levels of "trust" for SSL certs,
which, for 99.99% of the end-users out there, mostly boil down to "Is
it working?", or, potentially, "Does it make the address bar green?"

The Domain-Validated cert either uses email authentication (off to 6
fixed email "administrative" addresses), or can also do DNS validation
or meta-tag validation on the existing site (GlobalSign offers all 3).
Just to prove that the person requesting the cert has some level of
admin control over the site itself.

The Organization-Validated cert goes a little bit further, by listing
the company in the cert's X.509 fields (i.e. O=, OU=, C=, etc.) to
"prove" that the company that holds the cert is the company listed in
the cert. Almost no end-user bothers to look at them this deeply.

The Extended-Validated cert is much like the OV cert, with additional
checks of the company trying to get one to make sure that company is
who they say they are. But really people look only at the green address
bar to see if they are "secure", which has been getting less and less
visible lately.

Finally, in a recent RFC (6698) is a process to replace a central
certificate authority with DANE (DNS-Based Authentication of Named
Entities), and let you publish TLSA records in DNS specifying your
certificate details. If signed off on with DNSSEC, some future web
browser versions theoretically would trust the trust anchor in DNS you
have specified with DANE without having to deal with any external CA
authority. But as of yet, I only know of extensions to Chrome that will
do this.

-- 
Doug McIntyre firstname.lastname@example.org
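The TLSA check described in the message above, as an added example that is not part of the original post or of any DANE implementation: it builds the RFC 6698 record data (usage, selector, matching type, association data) from a certificate and shows that a selector-1 (public key) record still matches after the certificate is reissued with the same key, while a selector-0 (full certificate) record does not. The function names, the owner name `_443._tcp.www.example.com.` and the certificate-shaped sample bytes are assumptions constructed for illustration; DNSSEC validation of the record is assumed to happen elsewhere.

```python
import hashlib, hmac

MATCH = {0: lambda b: b,                              # matching type 0: exact data
         1: lambda b: hashlib.sha256(b).digest(),     # matching type 1: SHA-256
         2: lambda b: hashlib.sha512(b).digest()}     # matching type 2: SHA-512

def tlv(buf, pos):
    """Read one DER TLV header at pos; return (tag, value_start, end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                 # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def spki(cert):
    """Return the DER SubjectPublicKeyInfo of an X.509 certificate."""
    _, pos, _ = tlv(cert, 0)                          # outer Certificate SEQUENCE
    _, pos, end = tlv(cert, pos)                      # tbsCertificate SEQUENCE
    fields = []
    while pos < end:
        tag, _, nxt = tlv(cert, pos)
        fields.append((tag, cert[pos:nxt]))
        pos = nxt
    # SPKI is the 7th field when the explicit [0] version is present, else the 6th
    return fields[6 if fields[0][0] == 0xA0 else 5][1]

def tlsa_rdata(cert, usage=3, selector=1, mtype=1):
    """Build TLSA record data; usage 3 (DANE-EE) pins the server's own cert or key."""
    data = spki(cert) if selector == 1 else cert
    return f"{usage} {selector} {mtype} {MATCH[mtype](data).hex()}"

def tlsa_matches(rdata, cert):
    """Compare a presented certificate with TLSA record data (association only)."""
    _usage, selector, mtype, *hexdata = rdata.split()
    selector, mtype = int(selector), int(mtype)
    if selector not in (0, 1) or mtype not in MATCH:
        return False
    data = spki(cert) if selector == 1 else cert
    return hmac.compare_digest(MATCH[mtype](data), bytes.fromhex("".join(hexdata)))

def der(tag, body=b""):                               # short-form DER builder for the sample
    return bytes([tag, len(body)]) + body

def sample_cert(serial):                              # constructed bytes, not a real certificate
    key = der(0x30, der(0x30) + der(0x03, b"\x00\x01\x02\x03\x04"))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, bytes([serial])) + der(0x30) * 4 + key)
    return der(0x30, tbs + der(0x30) + der(0x03, b"\x00"))

if __name__ == "__main__":
    old, new = sample_cert(1), sample_cert(2)         # "reissued" with the same key
    print("_443._tcp.www.example.com. IN TLSA", tlsa_rdata(old))
    print(tlsa_matches(tlsa_rdata(old), new), tlsa_matches(tlsa_rdata(old, selector=0), new))
```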
TELECOM Digest is an electronic journal devoted mostly to telecommunications topics. It is circulated anywhere there is email, in addition to Usenet, where it appears as the moderated newsgroup 'comp.dcom.telecom'.
TELECOM Digest is a not-for-profit educational service offered to the Internet by Bill Horne.
The Telecom Digest is moderated by Bill Horne.
43 Deerfield Road
Sharon MA 02067-2301
bill at horne dot net
This Digest is the oldest continuing e-journal about telecommunications on the Internet, having been founded in August, 1981 and published continuously since then. Our archives are available for your review/research. We believe we are the oldest e-zine/mailing list on the internet in any category! URL information: http://telecom-digest.org
Finally, the Digest is funded by gifts from generous readers such as yourself. Thank you!
All opinions expressed herein are deemed to be those of the author. Any organizations listed are for identification purposes only and messages should not be considered any official expression by the organization.