Access to www.gnupg.org only via TLS

Martin Gollowitzer gollo at fsfe.org
Wed Apr 30 10:25:24 CEST 2014


* Doug Barton <dougb at dougbarton.us> [140430 10:05, 
  mID <5360AE82.6070505 at dougbarton.us>]:

> On 04/30/2014 12:41 AM, Werner Koch wrote:
> >Hi,
> >
> >I have changed the website setup so that any plain text access to
> >www.gnupg.org is redirected to https://www.gnupg.org .  Strict Transport
> >Security (HSTS) has also been enabled.
> >
> >In case of problems with TLS you may use www dot tla-friendly dot
> >gnupg.org to view the pages.
> >
> >Note that https is not enforced for lists.gnupg.org and the other
> >services because over there we use CAcert certificates which do not work
> >widely enough.
> 
> All good news. :)
> 
> >If there is an interest to have lists at https as well,
> >I consider to purchase a certificate for it.
> 
> I know it's been discussed on the list before, but I'm quite happy
> with https://www.startssl.com/, and you certainly can't beat the
> price. :)

You might want to consider my blog post about StartSSL [1]. Despite that,
the SSLLabs test shows two small issues when testing gnupg.org [2], one
of which is the too short time sent in the HSTS header.

[1] http://blogs.fsfe.org/gollo/2014/04/13/what-the-heartbleed-bug-revealed-to-me/
[2] https://www.ssllabs.com/ssltest/analyze.html?d=gnupg.org

Thanks, 
Martin 