[Operators] removal of 0nl1ne.at
Nikolaus Polak
mail at nikolauspolak.info
Sun Aug 24 14:32:55 UTC 2014
Hello,
I've no problem with the removal of 0nl1ne.at from the xmpp.net index,
the only thing I wanted to tell public to stpeter: the comment is
wrong, "insecure server" would mean that I failed to generate a new
private key and a new certificate.
(Link to commit:
https://github.com/stpeter/xmppdotnet/commit/3536374e66864f0a366775388455d6d374005af6
)
As already written on this mailing list, StartSSL refused to renew my
0nl1ne.at certificate because of the name (I could try to fool
online.at-Users), which I understand partly.
I tried to switch to CaCert: but then 30% of S2S wasn't working after
that because of their new signing method, which I also discussed on
this mailing list, and nobody got until now a solution for that.
Perhaps you should remove all with certs older than a few months too
from the index (easy: at least all CaCert signed which still have
perfectly working S2S ;)), as not renewing after heartbleed is really,
really insecure.
I even paid for revoking all my other certs on startssl.com, guess
there are not much people out there who do this for a free service.
Sorry for this "small rant", with best regards,
Nik
--
Mit freundlichen Grüßen / with best regards,
Nikolaus Polak - http://nikolauspolak.info
More information about the Operators
mailing list