Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Let's encrypt public beta starts Dec 3
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Let's encrypt public beta starts Dec 3

«13456

Comments

  • Good luck, let me know when they offer 1 year cert.

  • smansman Member
    edited November 2015

    @tommy said:
    Good luck, let me know when they offer 1 year cert.\

    It's just another monthly cron job (they encourage people to renew more often than 90days). I see it in my logwatch emails like everything else.

    Feel free to not use it. Doesn't matter to me.

  • sman said: Feel free to not use it. Doesn't matter to me.

    I don't think his comment was directed to you...

    Thanked by 2tommy 4n0nx
  • Since they delayed this like 4-5 times, I know I'm not using it. I would rather use startssl than this.

    Thanked by 14n0nx
  • joepie91joepie91 Member, Patron Provider

    @TheOnlyDK said:
    Since they delayed this like 4-5 times, I know I'm not using it. I would rather use startssl than this.

    Mind that StartSSL will charge you for revocations of "free" certificates.

    Thanked by 2netomx vRozenSch00n
  • @joepie91 said:
    Mind that StartSSL will charge you for revocations of "free" certificates.

    It's true, but that's only when I need to revoke it. Which I'm having a hard time figuring out why anyone would need this. If you keep your stuff safe and encrypted...

    Thanked by 1rm_
  • joepie91joepie91 Member, Patron Provider

    TheOnlyDK said: It's true, but that's only when I need to revoke it. Which I'm having a hard time figuring out why anyone would need this. If you keep your stuff safe and encrypted...

    Because the security of your certificate is not always under your control. Heartbleed was a reason for preventative revocation (and StartSSL refused to do so), and your provider may get compromised (like happened with Linode). Or you could just have screwed up and accidentally exposed the wrong directory publicly - shit happens.

    Revocation is an important part of the SSL/TLS security model (even if it is not sufficiently enforced), and any CA that charges to revoke certificates is not "free". It's a dubious business model at best.

    Thanked by 1FlamesRunner
  • Good project, I like the idea, but this short certification lifetime is disappointing for me too. :/ (I would like to use it for secondary IRCD's but generate cerificates and rehash the servers every 3 month is not good so probably I can't use too).

  • Perfectly under expectation for another postpone...

    A 90-day cert is really not as good as expected. acceptable though

    Thanked by 14n0nx
  • smansman Member
    edited November 2015

    @justin4869 said:
    Perfectly under expectation for another postpone...

    A 90-day cert is really not as good as expected. acceptable though

    You are right, they suggest renewing every couple weeks instead. They are being smart by focussing on the most important and difficult piece. The client side automation scripts. Getting that right so that it works smoothly across a variety of different platforms is going to take some time.

  • NeoonNeoon Community Contributor, Veteran

    "Its just another cronjob" evil tongues would say another backdoor.

    Its a programm which is running on your box which loads files from the interwebs.

    It could be anything.

    Thanked by 1rm_
  • smansman Member
    edited November 2015

    @Infinity580 said:
    "Its just another cronjob" evil tongues would say another backdoor.

    Its a programm which is running on your box which loads files from the interwebs.

    It could be anything.

    {insert scary music} booga booga. Like cron jobs that do yum updates. Obviously the NSA is involved.

    Thanked by 1frank
  • NeoonNeoon Community Contributor, Veteran

    @sman said:

  • smansman Member
    edited November 2015

    @Nekki said:

    Laser pointer

  • @sman said:

    Explain yourself boy.

  • rm_rm_ IPv6 Advocate, Veteran
    edited November 2015

    sman said: cron jobs that do yum updates

    ...are a horrendous idea.

    Thanked by 1Amitz
  • patrick7patrick7 Member, LIR

    So, if the reason for 90 days really is "security", will it renew the private key too?

  • smansman Member
    edited November 2015

    @rm_ said:
    ...are a horrendous idea.

    Guess you better tell the folks at Redhat/Fedora and Ubuntu that their ideas are "horrendous".

    https://access.redhat.com/discussions/1238193

    https://fedoraproject.org/wiki/AutoUpdates

    https://help.ubuntu.com/community/AutomaticSecurityUpdates

  • @sman said:
    Guess you better tell the folks at Redhat/Fedora and Ubuntu that their ideas are "horrendous".

    Guess you better tell me what the basement thing is about before I perma ban you.

  • rm_rm_ IPv6 Advocate, Veteran

    sman said: Redhat/Fedora and Ubuntu

    Couldn't care less about those.

  • sman said: Guess you better tell the folks at Redhat/Fedora and Ubuntu that their ideas are "horrendous".

    Well, automatic updates are optional on all these distros, and probably not enabled by default.

    There are use cases in which it makes sense (certainly not on servers).

    Thanked by 1vRozenSch00n
  • @TheOnlyDK said:
    Since they delayed this like 4-5 times, I know I'm not using it. I would rather use startssl than this.

    Let's be honest, if nobody used anything because it's release was delayed, we'd still be living in mud huts grunting at a fire.

    Thanked by 1thagoat
  • @Nekki said:

  • @sman What if I told you that the reason you're unable to maintain an erection is because you don't actually know what the basement analogy means?

    Thanked by 3netomx GM2015 4n0nx
  • smansman Member
    edited November 2015

    @Nekki said:
    sman What if I told you that the reason you're unable to maintain an erection...

    Are you like 14 or something?

  • sman said: Are you like 14 or something?

    Come on bitch, out with the explanation and all this can end. You have the power to make this happen.

    Thanked by 1GM2015
  • sman said: It's just another monthly cron job (they encourage people to renew more often than 90days).

    I'm glad to see that they're fucking it up so hard that nobody will use it.

    Website operators are far better off trusting the people earning an honest living making sure SSL certificates provide actual assurance (including insurance policies). But that costs money, boo hoo.

  • lbft said: Website operators are far better off trusting the people earning an honest living making sure SSL certificates provide actual assurance (including insurance policies). But that costs money, boo hoo.

    Bet you can't find me a single user who understands what the certificate insurance covers, and therefore prefers to do business with sites that have insured certificates rather than uninsured certificates.

  • Uhmm dumb question but it works with csr, right?

    Thanked by 1NeoXiD
Sign In or Register to comment.