[Operators] removal of 0nl1ne.at

Peter Saint-Andre stpeter at stpeter.im
Sun Aug 24 16:43:26 UTC 2014


Hi Nik,

You're right that the comment wasn't helpful - I used the same comment 
for every server that scored "F".

I'll reply more later - just running out the door here.

Peter

On 8/24/14, 8:32 AM, Nikolaus Polak wrote:
>
> Hello,
>
> I've no problem with the removal of 0nl1ne.at from the xmpp.net index,
> the only thing I wanted to tell public to stpeter: the comment is wrong,
> "insecure server" would mean that I failed to generate a new private key
> and a new certificate.
> (Link to commit:
> https://github.com/stpeter/xmppdotnet/commit/3536374e66864f0a366775388455d6d374005af6
> )
>
> As already written on this mailing list, StartSSL refused to renew my
> 0nl1ne.at certificate because of the name (I could try to fool
> online.at-Users), which I understand partly.
>
> I tried to switch to CaCert: but then 30% of S2S wasn't working after
> that because of their new signing method, which I also discussed on this
> mailing list, and nobody got until now a solution for that.
>
> Perhaps you should remove all with certs older than a few months too
> from the index (easy: at least all CaCert signed which still have
> perfectly working S2S ;)), as not renewing after heartbleed is really,
> really insecure.
> I even paid for revoking all my other certs on startssl.com, guess there
> are not much people out there who do this for a free service.
>
> Sorry for this "small rant", with best regards,
> Nik



More information about the Operators mailing list