From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 3E0B91382C5 for ; Tue, 1 Jun 2021 12:24:37 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 627C0E0802; Tue, 1 Jun 2021 12:24:33 +0000 (UTC) Received: from smarthost01c.mail.zen.net.uk (smarthost01c.mail.zen.net.uk [212.23.1.5]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id B54EFE079E for ; Tue, 1 Jun 2021 12:24:32 +0000 (UTC) Received: from [82.69.80.10] (helo=wstn.localnet) by smarthost01c.mail.zen.net.uk with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1lo3Rf-0005ba-1A for gentoo-user@lists.gentoo.org; Tue, 01 Jun 2021 12:24:31 +0000 From: Peter Humphrey To: gentoo-user@lists.gentoo.org Subject: Re: Letsencrypt (was Re: [gentoo-user] app-misc/ca-certificates) Date: Tue, 01 Jun 2021 13:24:30 +0100 Message-ID: <2585791.mvXUDI8C0e@wstn> In-Reply-To: <9e56e085f91a57cfe81f857675118517f12ea5b8.camel@gentoo.org> References: <20210529030839.123d8526@melika.host77.tld> <2603445.mvXUDI8C0e@wstn> <9e56e085f91a57cfe81f857675118517f12ea5b8.camel@gentoo.org> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" X-Originating-smarthost01c-IP: [82.69.80.10] Feedback-ID: 82.69.80.10 X-Archives-Salt: 47982d20-2c10-4df3-a443-84db015feac6 X-Archives-Hash: f651ed8429b735ba969c867ff3b2cd13 On Tuesday, 1 June 2021 13:16:59 BST Michael Orlitzky wrote: > On Tue, 2021-06-01 at 13:02 +0100, Peter Humphrey wrote: > > So what would you recommend for someone in the case Joost cites? I'm in > > that position, being a home user of a small network but no registered > > Internet name. > > A self-signed certificate combined with a browser extension that lets > you "pin" it. With pinning, you can keep your browser usable on the WWW > while still rejecting any forged certificates for your own hosts. The > end result works pretty much like SSH keys do. Thanks Michael. -- Regards, Peter.