delorie.com/archives/browse.cgi | search |
X-Authentication-Warning: | delorie.com: mail set sender to geda-user-bounces using -f |
X-Recipient: | geda-user AT delorie DOT com |
X-Original-DKIM-Signature: | v=1; a=rsa-sha256; c=relaxed/relaxed; d= |
messagingengine.com; h=content-transfer-encoding:content-type | |
:date:from:in-reply-to:message-id:mime-version:references | |
:reply-to:subject:to:x-me-proxy:x-me-proxy:x-me-sender | |
:x-me-sender:x-sasl-enc; s=fm1; bh=/rMLVMR0lPJH73hrYyDt8OIuMpIgW | |
1L+hzFO3jfEPTw=; b=A/Cs5Xtm0zJjLNj7tz3bHTzdzr8tiVpPnIe4WR81evbA6 | |
taTIl3FPDF28AHA2JTcEXWoZhNfT0Anjrwub4DX4Myh1PS+EaYpmjNVQf3FDyw+k | |
ByMGCJW5ByCbf9avtV1cMlUZpSPyQb8fY+DuyOBLHYl3xt9c7+c7dLR0XI9xHmRF | |
TeVQO0HMEqBZP6l2M1F5kEBmDZG0hpefJDMZb1LdPfch5bDyY80ROgSbtjrc9KEX | |
hYDxz1ovY2QO139EQQ7D/ATMSPFFNWb3HLwnqukxDYz1mC9nR/ZILM/Er0BccGQ5 | |
2+mSFdeVW7ivn+i7QD62h5Q3AT7/ghfyG/wNIKQow== | |
X-ME-Sender: | <xms:jIL7X-gmVVIsKdtQmOufOTe1QosKwjXpX2l7bx_RPvjQoumrmFaOvQ> |
<xme:jIL7X2f45055bcyxOin8SpKXy4prjgsCaY9aoqA5DkvlWoi69_7T-1CJD_PyZAwq3 | |
ErauAfD0HIu6e1JhQ> | |
X-ME-Proxy-Cause: | gggruggvucftvghtrhhoucdtuddrgedujedrvdegledgudeihecutefuodetggdotefrod |
ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh | |
necuuegrihhlohhuthemuceftddtnecunecujfgurheprhfuvfhfhffkffgfgggjtgfgse | |
htjeertddtfeejnecuhfhrohhmpefiihhrvhhinhcujfgvrhhruceoghhhvghrrhhlsehf | |
rghsthhmrghilhdrtghomheqnecuggftrfgrthhtvghrnhepheehfeellefgteelvedute | |
eihedttdejffehteefvddvudektdeutdeuteekkeejnecuffhomhgrihhnpehthhgvrhgv | |
ghhishhtvghrrdgtohhmpdhhthhtphhsihhsnhhothhthhgvvghnugdqrghllhhofhhsvg | |
gtuhhrihhthidrihhtpdhhthhtphhsphhorhhtrghlrdhnohifnecukfhppedutdekrddv | |
udehrdduleehrddvtdehnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrg | |
hilhhfrhhomhepghhhvghrrhhlsehfrghsthhmrghilhdrtghomh | |
X-ME-Proxy: | <xmx:jIL7XzdWY4c58F_WoNIQGBYZth_f2syTvZYCaFyzOuVYBtOC96NPMg> |
<xmx:jIL7Xw-jP_qmjDurPlP3ds44tarpriI5RTA8ATTLI95KhFDLJ1Otnw> | |
<xmx:jIL7X_lizXfU4hvOAQq1smGsLNL7SFxkONKjWfZR1P6m9ulLx7Auvg> | |
<xmx:jIL7X8fv1n-EXVgsnPAuH2BkSI7GFvKyZtcjJfp-dC7yXyLm_F1kmizzk28> | |
Subject: | Re: [geda-user] No https for pcb-rnd |
To: | geda-user AT delorie DOT com |
References: | <bde96a88-b800-6222-6138-69de5d03f0c2 AT fastmail DOT com> |
<20210110065529 DOT A5C7E82966EF AT turkos DOT aspodata DOT se> | |
From: | "Girvin Herr (gherrl AT fastmail DOT com) [via geda-user AT delorie DOT com]" <geda-user AT delorie DOT com> |
Message-ID: | <63b86b32-75be-dbff-7215-e3c35c484808@fastmail.com> |
Date: | Sun, 10 Jan 2021 14:38:48 -0800 |
User-Agent: | Mozilla/5.0 (X11; Linux i686; rv:68.0) Gecko/20100101 |
Thunderbird/68.12.0 | |
MIME-Version: | 1.0 |
In-Reply-To: | <20210110065529.A5C7E82966EF@turkos.aspodata.se> |
Reply-To: | geda-user AT delorie DOT com |
Errors-To: | nobody AT delorie DOT com |
X-Mailing-List: | geda-user AT delorie DOT com |
X-Unsubscribes-To: | listserv AT delorie DOT com |
On 1/9/21 10:55 PM, karl AT aspodata DOT se [via geda-user AT delorie DOT com] wrote: > Girvin Herr: >> In the name of computer security, I am going through all of my browser >> bookmarks and rejecting all websites that do not support the https >> protocol. > ... > > So would a self signed certificate suffice -- since then you are using > "https". > > And next, what kind of security do you want ? > a, the middleman cannot see what you transfer > b, the middleman cannot change what you transfer > c, the middleman cannot cannot see that you have contact or are > transferring (https doesn't solve that) > d, to be sure that the site is indeed authentic (use dns-sec for that) > e, something else I haven't thought about > > If you don't trust a self signed certificate, why would you trust > some random certificate authority and not some person writing > useful code that serves us well. See e.g. > https://www.theregister.com/2013/12/10/french_gov_dodgy_ssl_cert_reprimand/ > > You know, https isn't the final answer to computer security. > > And lastly, why don't you do a simple request on the pcb-rnd mailing > list, what has geda-user have to do with this. > > Regards, > /Karl Hammar > Karl, I don't know why you are so resistant to computer security. The majority of websites I visit and I have bookmarks for are already https compliant, including many, if not most, open source websites like gEDA. I finally got to my gEDA bookmarks and the gEDA websites are not https compliant either! It is about time the gEDA websites get on the bandwagon and improve their website security. Not having a web server, I cannot attest to what is needed to add a https port, but IMHO not doing so is risky. https is not the end-all of security. It takes constant vigilance to keep up with the bad guys and the tools, such as https, help and it should be a minimum. Why did I post my concern about pcb-rnd on this forum? Good question. I thought about it a while and decided that since pcb-rnd was on this forum in the past, and that it may be polled by the pcb-rnd devs, and that some pcb-rnd users who read the postings on this forum should know that the pcb-rnd website may not be as secure as they think, I decided to post here. That may be a political mistake and I apologize if it offends anyone, but I thought I was doing other users a service and maybe a push for the pcb-rnd server maintainer to add a https portal. Now that includes gEDA too. I hope the gEDA server maintainers create a https portal on the web server(s) asap. We all must be serious about computer security because there are a lot of bad guys out there. HTH. Girvin
webmaster | delorie software privacy |
Copyright © 2019 by DJ Delorie | Updated Jul 2019 |