
curl-library

Re: http://curl.haxx.se/ca/cacert.pem

From: Kristian Fiskerstrand <kristian.fiskerstrand_at_sumptuouscapital.com>
Date: Thu, 07 Feb 2013 22:47:23 +0100


On 02/07/2013 10:40 PM, Daniel Stenberg wrote:
> On Thu, 7 Feb 2013, Kristian Fiskerstrand wrote:
>
>>> Anyway, I was wondering if it might be possible to update the
>>> website to serve these over a secure connection?
>>
>> Alternatively (or in addition) could it make sense to digitally
>> sign the files using the OpenPGP standard (GnuPG) ?
>
> That's an interesting idea, but this output is generated
> automatically in a cronjob and it would be a bit annoying for me to
> have to sign it every time it happens to change. And having a
> mis-matching signature lingering would be terrible!
>

Presuming that the cronjob happens on a separate system than the
actual webserver, even a lower-security signing key could make sense,
then the signing process could be performed automatically as well
(--batch mode). It wouldn't help (as much) for a system compromise
(nothing would), but it would be of great help for a poisoned DNS
record or other MITM attack vector.

--
----------------------------
Kristian Fiskerstrand
http://www.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Prævenire melius est quam præveniri
It is better to precede than to be preceded
----------------------------
This email was digitally signed using the OpenPGP
standard. If you want to read more about this
The book: Sending Emails - The Safe Way: An
introduction to OpenPGP security is
available in both Amazon Kindle and Paperback
format at
http://www.amazon.com/dp/B006RSG1S4/
----------------------------
Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/
Received on 2013-02-07
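
The unattended signing suggested in the message above, as an added example that is not part of the original mail or of the curl project's tooling: a cron-style job signs the generated bundle with `gpg --batch`, and a client rejects a copy altered in transit. The key, user ID and file contents are constructed for the demo, and GnuPG 2.1 or later is assumed.

```shell
#!/bin/sh
# Added example. Key, user ID and bundle contents are constructed for the demo.
set -u
SIGNER='signer@example.invalid'          # hypothetical signing identity

# Throwaway keyring with an unprotected, signing-only key (what --batch needs).
# In production the key is made once on the signing host, not per run.
setup_demo_key() {
    GNUPGHOME=$(mktemp -d) || return 1
    export GNUPGHOME
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "CA bundle signer (demo) <$SIGNER>" \
        ed25519 sign never 2>/dev/null
}

# Client side: exit 0 only if the detached signature matches the file.
verify_bundle() {
    gpg --batch --quiet --verify "$1.asc" "$1" 2>/dev/null
}

# Cron side: re-sign only when needed, and swap the signature in atomically
# so a mismatching .asc never lingers beside a changed bundle.
sign_bundle() {
    if [ -f "$1.asc" ] && verify_bundle "$1"; then
        return 0
    fi
    gpg --batch --yes --quiet --local-user "$SIGNER" --armor \
        --output "$1.asc.tmp" --detach-sign "$1" || return 1
    mv -f "$1.asc.tmp" "$1.asc"
}

demo() {
    setup_demo_key || return 1
    work=$(mktemp -d) || return 1
    printf 'constructed stand-in for cacert.pem\n' > "$work/cacert.pem"
    sign_bundle "$work/cacert.pem" && verify_bundle "$work/cacert.pem" \
        && echo "signed bundle: accepted"
    printf 'line altered in transit\n' >> "$work/cacert.pem"
    verify_bundle "$work/cacert.pem" || echo "altered bundle: rejected"
    gpgconf --kill gpg-agent 2>/dev/null
    rm -rf "$work" "$GNUPGHOME"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Clients get the protection against a poisoned DNS record or other MITM only if the public key reaches them by a path other than the web server that hosts the bundle.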