-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA224

As some of you may already be aware, StartCom (a major provider of SSL certificates) has repeatedly and intentionally violated the basic rules to be listed as a root CA in most browsers [1] [2]. Unfortunately, TDE used StartCom as its root CA provider in an attempt to lower overall costs; as a result, the main TDE pages, QuickBuild, and other related services will no longer be accessible to the majority of Web clients.

We do not have the funds to replace the certificate with a costlier option at this time. LetsEncrypt does not appear to be secure enough as it effectively requires automated certificate installation on the master servers, and furthermore I expect it to be removed as a fully trusted root CA or at least demoted in some way in the future [3].

Due to the industry-standard security in use, we cannot simply disable HTTPS without disabling access to all TDE sites previously using HTTPS. Furthermore, disabling HTTPS would open TDE users and visitors to malicious MITM attacks, and I am not willing to do this.

Our only options come down to either accepting the heavy loss in visitors / traffic that will come from using a self-signed certificate, or attempting to raise the funds required to purchase a new certificate. It should only cost around $200 to obtain a new multi-year certificate covering TDE, so if you can, please contribute something toward this goal via our donations page [4].

Again, I apologize for the inconvenience; it is not common for a CA to be delisted and the impact from this has been felt across many sites. Unfortunately, it will only continue to worsen as Chrome (with its 75% market share) is updated by end users over the next few days / weeks.

Thank you!

[1] https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html
[2] https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/
[3] http://www.datamation.com/security/lets-encrypt-the-good-and-the-bad.html
[4] https://trinitydesktop.org/donate.php
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iFYEARELAAYFAlimAXYACgkQLaxZSoRZrGG6QQDeObweyASWhjs/USiO6Nm05CcH
C20FUSd8bT7Y7wDdGKueJfay8/HacDBlPw+u2WItBSpRs3geLoPLSw==
=RdsZ
-----END PGP SIGNATURE-----