Re: [dev] Allow secure access to Web site suckless.org

From: Markus Teich <markus.teich_AT_stusta.mhn.de>
Date: Wed, 3 Aug 2016 13:51:27 +0200

FRIGN wrote:
> Even if you use self-signed certificates on your server, which provide 0
> guarantee that the server you are contacting really is the "right" one, it
> still means the traffic itself is encrypted, with all benefits of it.

Heyho,

In our case it would do nothing. There is no "secret" data available through the
suckless site, since there is no login mechanism, everything is publicly
available. Therefore encryption does not help at all. I don't see any other
possible benefits of encryption besides confidentiality.

What we want to achieve is authentication. We want to be sure the data received
is actually from suckless.org and not from some random government's MitM. A
self-signed certificate connection can still easily be attacked by a MitM if you
don't establish trust in the used certificate and maintain it (pinning), which is
hard without a CA or WoT.

--Markus
Received on Wed Aug 03 2016 - 13:51:27 CEST
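
An added illustration of the pinning point in the message above (not code from the post or from suckless.org): a trust-on-first-use pin store in Python. `PinStore`, its status strings and the byte strings standing in for certificates are assumptions constructed for the example; `fetch_der` shows how the real bytes would be obtained and is not called here.

```python
import hashlib
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, hex encoded."""
    return hashlib.sha256(der_cert).hexdigest()


def fetch_der(host: str, port: int = 443) -> bytes:
    """Fetch the server certificate without CA validation (needs network)."""
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


class PinStore:
    """Hypothetical in-memory pin store: host -> pinned fingerprint."""

    def __init__(self, pins=None):
        self.pins = dict(pins or {})

    def check(self, host: str, der_cert: bytes) -> str:
        seen = fingerprint(der_cert)
        pinned = self.pins.get(host)
        if pinned is None:
            # First contact: nothing to compare against, so a MitM present
            # now would be pinned as if it were the real server.
            self.pins[host] = seen
            return "first-use-unverified"
        if pinned == seen:
            return "match"
        # Could be an attacker or a legitimate key rotation; the pin alone
        # cannot tell which, so the old pin is kept and the caller must stop.
        return "mismatch"


# Constructed stand-ins for DER certificate bytes (not real certificates).
SERVER_CERT = b"constructed-der-bytes: self-signed cert of the real server"
MITM_CERT = b"constructed-der-bytes: self-signed cert presented by a MitM"


def demo():
    tofu = PinStore()
    certs = (SERVER_CERT, SERVER_CERT, MITM_CERT)
    results = [tofu.check("suckless.org", c) for c in certs]
    # Pin obtained out of band beforehand: MitM is caught on first contact.
    preloaded = PinStore({"suckless.org": fingerprint(SERVER_CERT)})
    results.append(preloaded.check("suckless.org", MITM_CERT))
    return results
```

The first result is the gap the message describes: without a CA, WoT or some other out-of-band channel, the initial pin is accepted on faith.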
