[Members] Distrusting new StartSSL certs
Peter Saint-Andre
stpeter at stpeter.im
Tue Oct 25 23:08:52 UTC 2016
On 10/25/16 3:26 PM, Arc Riley wrote:
> https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/
Yes, I read that too. It's a sad day, given that the XMPP community did
some good work with StartCom about 10 years ago. Nothing lasts forever.
> I think its come time for XMPP servers to start going the same. There's
> no point using TLS when you accept certs from untrustable sources.
I expect that most XMPP software applications use certificate bundles
from outside sources (such as the underlying OS or Mozilla), and I
expect that most of those sources will be making similar policy
decisions soon given the malfeasance involved with WoSign/StartCom.
Peter
More information about the Members
mailing list