X-Authentication-Warning: delorie.com: mail set sender to geda-user-bounces using -f X-Recipient: geda-user AT delorie DOT com X-Mailer: exmh version 2.8.0 04/21/2012 with nmh-1.7+dev X-Exmh-Isig-CompType: repl X-Exmh-Isig-Folder: inbox From: "karl AT aspodata DOT se [via geda-user AT delorie DOT com]" To: geda-user AT delorie DOT com Subject: Re: [geda-user] No https for pcb-rnd In-reply-to: References: Comments: In-reply-to "Girvin Herr (gherrl AT fastmail DOT com) [via geda-user AT delorie DOT com]" message dated "Sat, 09 Jan 2021 15:10:55 -0800." Mime-Version: 1.0 Content-Type: text/plain Message-Id: <20210110065529.A5C7E82966EF@turkos.aspodata.se> Date: Sun, 10 Jan 2021 07:55:29 +0100 (CET) X-Virus-Scanned: ClamAV using ClamSMTP Reply-To: geda-user AT delorie DOT com Errors-To: nobody AT delorie DOT com X-Mailing-List: geda-user AT delorie DOT com X-Unsubscribes-To: listserv AT delorie DOT com Precedence: bulk Girvin Herr: > In the name of computer security, I am going through all of my browser > bookmarks and rejecting all websites that do not support the https > protocol. ... So would a self signed certificate suffice -- since then you are using "https". And next, what kind of security do you want ? a, the middleman cannot see what you transfer b, the middleman cannot change what you transfer c, the middleman cannot cannot see that you have contact or are transferring (https doesn't solve that) d, to be sure that the site is indeed authentic (use dns-sec for that) e, something else I haven't thought about If you don't trust a self signed certificate, why would you trust some random certificate authority and not some person writing useful code that serves us well. See e.g. https://www.theregister.com/2013/12/10/french_gov_dodgy_ssl_cert_reprimand/ You know, https isn't the final answer to computer security. And lastly, why don't you do a simple request on the pcb-rnd mailing list, what has geda-user have to do with this. Regards, /Karl Hammar