X-Authentication-Warning: delorie.com: mail set sender to geda-user-bounces using -f
X-Recipient: geda-user AT delorie DOT com
X-Original-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=content-transfer-encoding:content-type
	:date:from:in-reply-to:message-id:mime-version:references
	:reply-to:subject:to:x-me-proxy:x-me-proxy:x-me-sender
	:x-me-sender:x-sasl-enc; s=fm1; bh=/rMLVMR0lPJH73hrYyDt8OIuMpIgW
	1L+hzFO3jfEPTw=; b=A/Cs5Xtm0zJjLNj7tz3bHTzdzr8tiVpPnIe4WR81evbA6
	taTIl3FPDF28AHA2JTcEXWoZhNfT0Anjrwub4DX4Myh1PS+EaYpmjNVQf3FDyw+k
	ByMGCJW5ByCbf9avtV1cMlUZpSPyQb8fY+DuyOBLHYl3xt9c7+c7dLR0XI9xHmRF
	TeVQO0HMEqBZP6l2M1F5kEBmDZG0hpefJDMZb1LdPfch5bDyY80ROgSbtjrc9KEX
	hYDxz1ovY2QO139EQQ7D/ATMSPFFNWb3HLwnqukxDYz1mC9nR/ZILM/Er0BccGQ5
	2+mSFdeVW7ivn+i7QD62h5Q3AT7/ghfyG/wNIKQow==
X-ME-Sender: <xms:jIL7X-gmVVIsKdtQmOufOTe1QosKwjXpX2l7bx_RPvjQoumrmFaOvQ>
    <xme:jIL7X2f45055bcyxOin8SpKXy4prjgsCaY9aoqA5DkvlWoi69_7T-1CJD_PyZAwq3
    ErauAfD0HIu6e1JhQ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedujedrvdegledgudeihecutefuodetggdotefrod
    ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh
    necuuegrihhlohhuthemuceftddtnecunecujfgurheprhfuvfhfhffkffgfgggjtgfgse
    htjeertddtfeejnecuhfhrohhmpefiihhrvhhinhcujfgvrhhruceoghhhvghrrhhlsehf
    rghsthhmrghilhdrtghomheqnecuggftrfgrthhtvghrnhepheehfeellefgteelvedute
    eihedttdejffehteefvddvudektdeutdeuteekkeejnecuffhomhgrihhnpehthhgvrhgv
    ghhishhtvghrrdgtohhmpdhhthhtphhsihhsnhhothhthhgvvghnugdqrghllhhofhhsvg
    gtuhhrihhthidrihhtpdhhthhtphhsphhorhhtrghlrdhnohifnecukfhppedutdekrddv
    udehrdduleehrddvtdehnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrg
    hilhhfrhhomhepghhhvghrrhhlsehfrghsthhmrghilhdrtghomh
X-ME-Proxy: <xmx:jIL7XzdWY4c58F_WoNIQGBYZth_f2syTvZYCaFyzOuVYBtOC96NPMg>
    <xmx:jIL7Xw-jP_qmjDurPlP3ds44tarpriI5RTA8ATTLI95KhFDLJ1Otnw>
    <xmx:jIL7X_lizXfU4hvOAQq1smGsLNL7SFxkONKjWfZR1P6m9ulLx7Auvg>
    <xmx:jIL7X8fv1n-EXVgsnPAuH2BkSI7GFvKyZtcjJfp-dC7yXyLm_F1kmizzk28>
Subject: Re: [geda-user] No https for pcb-rnd
To: geda-user AT delorie DOT com
References: <bde96a88-b800-6222-6138-69de5d03f0c2 AT fastmail DOT com>
 <20210110065529 DOT A5C7E82966EF AT turkos DOT aspodata DOT se>
From: "Girvin Herr (gherrl AT fastmail DOT com) [via geda-user AT delorie DOT com]" <geda-user AT delorie DOT com>
Message-ID: <63b86b32-75be-dbff-7215-e3c35c484808@fastmail.com>
Date: Sun, 10 Jan 2021 14:38:48 -0800
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:68.0) Gecko/20100101
 Thunderbird/68.12.0
MIME-Version: 1.0
In-Reply-To: <20210110065529.A5C7E82966EF@turkos.aspodata.se>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Reply-To: geda-user AT delorie DOT com
Errors-To: nobody AT delorie DOT com
X-Mailing-List: geda-user AT delorie DOT com
X-Unsubscribes-To: listserv AT delorie DOT com
Precedence: bulk


On 1/9/21 10:55 PM, karl AT aspodata DOT se [via geda-user AT delorie DOT com] wrote:
> Girvin Herr:
>> In the name of computer security, I am going through all of my browser
>> bookmarks and rejecting all websites that do not support the https
>> protocol.
> ...
>
> So would a self signed certificate suffice -- since then you are using
> "https".
>
> And next, what kind of security do you want ?
> a, the middleman cannot see what you transfer
> b, the middleman cannot change what you transfer
> c, the middleman cannot cannot see that you have contact or are
>     transferring (https doesn't solve that)
> d, to be sure that the site is indeed authentic (use dns-sec for that)
> e, something else I haven't thought about
>
> If you don't trust a self signed certificate, why would you trust
> some random certificate authority and not some person writing
> useful code that serves us well. See e.g.
>   https://www.theregister.com/2013/12/10/french_gov_dodgy_ssl_cert_reprimand/
>
> You know, https isn't the final answer to computer security.
>
> And lastly, why don't you do a simple request on the pcb-rnd mailing
> list, what has geda-user have to do with this.
>
> Regards,
> /Karl Hammar
>
Karl,

I don't know why you are so resistant to computer security. The majority 
of websites I visit and I have bookmarks for are already https 
compliant, including many, if not most, open source websites like gEDA. 
I finally got to my gEDA bookmarks and the gEDA websites are not https 
compliant either! It is about time the gEDA websites get on the 
bandwagon and improve their website security. Not having a web server, I 
cannot attest to what is needed to add a https port, but IMHO not doing 
so is risky. https is not the end-all of security. It takes constant 
vigilance to keep up with the bad guys and the tools, such as https, 
help and it should be a minimum.

Why did I post my concern about pcb-rnd on this forum? Good question. I 
thought about it a while and decided that since pcb-rnd was on this 
forum in the past, and that it may be polled by the pcb-rnd devs, and 
that some pcb-rnd users who read the postings on this forum should know 
that the pcb-rnd website may not be as secure as they think, I decided 
to post here. That may be a political mistake and I apologize if it 
offends anyone, but I thought I was doing other users a service and 
maybe a push for the pcb-rnd server maintainer to add a https portal. 
Now that includes gEDA too. I hope the gEDA server maintainers create a 
https portal on the web server(s) asap. We all must be serious about 
computer security because there are a lot of bad guys out there.

HTH.

Girvin