From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 92B40138887 for ; Tue, 5 Feb 2013 16:59:47 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 10847E049A; Tue, 5 Feb 2013 16:59:44 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 20278E0441 for ; Tue, 5 Feb 2013 16:59:43 +0000 (UTC) Received: from mail-ob0-f181.google.com (mail-ob0-f181.google.com [209.85.214.181]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: djc) by smtp.gentoo.org (Postfix) with ESMTPSA id 396F333DF14 for ; Tue, 5 Feb 2013 16:59:42 +0000 (UTC) Received: by mail-ob0-f181.google.com with SMTP id ni5so390155obc.26 for ; Tue, 05 Feb 2013 08:59:40 -0800 (PST) X-Received: by 10.182.123.49 with SMTP id lx17mr18569018obb.63.1360083580363; Tue, 05 Feb 2013 08:59:40 -0800 (PST) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Received: by 10.76.90.73 with HTTP; Tue, 5 Feb 2013 08:59:20 -0800 (PST) From: Dirkjan Ochtman Date: Tue, 5 Feb 2013 17:59:20 +0100 Message-ID: Subject: [gentoo-dev] CA-certified SSL To: Gentoo Development Content-Type: text/plain; charset=UTF-8 X-Archives-Salt: cebb1bb6-5e00-4c9d-a97d-f622aecf864c X-Archives-Hash: be6ba075cc8bbc4bbefd35ecb96d031c Hi, IIRC, we currently don't have CA-certified SSL certificates on Gentoo properties because the infrastructure people who handle that kind of stuff really dislike giving up their personal information to a corporation like a CA. Would it be possible to break that logjam by volunteering for the job of requesting the certificates? I think it's really quite silly that we keep inconveniencing ourselves and our user by not having proper certificates that get recognized by all the major browsers, preferably wildcard variants (particularly for Bugzilla attachments). I'd be happy to handle the certificates and renew them every time when needed, passing them on to infra staff via a channel they deem secure enough, although it would be nice if someone else can provide me with funds (e.g. the Trust/Foundation?). Cheers, Dirkjan