Consider it done.

Calvin

On 16 February 2017 at 14:45, Timothy Pearson <kb9vqf@xxxxxxxxxxxxxxxxxxxx> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA224
>
> As some of you may already be aware, StartCom (a major provider of SSL
> certificates) has repeatedly and intentionally violated the basic rules to
> be listed as a root CA in most browsers [1] [2]. Unfortunately, TDE used
> StartCom as its root CA provider in an attempt to lower overall costs; as
> a result, the main TDE pages, QuickBuild, and other related services will
> no longer be accessible to the majority of Web clients.
>
> We do not have the funds to replace the certificate with a costlier option
> at this time. LetsEncrypt does not appear to be secure enough as it
> effectively requires automated certificate installation on the master
> servers, and furthermore I expect it to be removed as a fully trusted
> root CA or at least demoted in some way in the future [3].
>
> Due to the industry-standard security in use, we cannot simply disable
> HTTPS without disabling access to all TDE sites previously using HTTPS.
> Furthermore, disabling HTTPS would open TDE users and visitors to
> malicious MITM attack, and I am not willing to do this.
>
> Our only options come down to either accepting the heavy loss in visitors
> / traffic that will come from using a self-signed certificate, or
> attempting to raise the funds required to purchase a new certificate. It
> should only cost around $200 to obtain a new multi-year certificate
> covering TDE, so if you can, please contribute something toward this goal
> via our donations page [4].
>
> Again, I apologize for the inconvenience; it is not common for a CA to be
> delisted and the impact from this has been felt across many sites.
> Unfortunately, it will only continue to worsen as Chrome (with its 75%
> market share) is updated by end users over the next few days / weeks.
>
> Thank you!
>
> [1] https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html
>
> [2] https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/
>
> [3] http://www.datamation.com/security/lets-encrypt-the-good-and-the-bad.html
>
> [4] https://trinitydesktop.org/donate.php
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
>
> iFYEARELAAYFAlimAXYACgkQLaxZSoRZrGG6QQDeObweyASWhjs/USiO6Nm05CcH
> C20FUSd8bT7Y7wDdGKueJfay8/HacDBlPw+u2WItBSpRs3geLoPLSw==
> =RdsZ
> -----END PGP SIGNATURE-----
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: trinity-devel-unsubscribe@xxxxxxxxxxxxxxxxxxxxxxxxxx
> For additional commands, e-mail: trinity-devel-help@xxxxxxxxxxxxxxxxxxxxxxxxxx
> Read list messages on the web archive: http://trinity-devel.pearsoncomputing.net/
> Please remember not to top-post: http://trinity.pearsoncomputing.net/mailing_lists/#top-posting
> ---------------------------------------------------------------------