From: Michael Orlitzky
To: gentoo-user@lists.gentoo.org
Subject: Re: Letsencrypt (was Re: [gentoo-user] app-misc/ca-certificates)
Date: Tue, 01 Jun 2021 08:16:59 -0400

On Tue, 2021-06-01 at 13:02 +0100, Peter Humphrey wrote:
>
> So what would you recommend for someone in the case Joost cites? I'm in that
> position, being a home user of a small network but no registered Internet
> name.
>

A self-signed certificate combined with a browser extension that lets you "pin" it.
With pinning, you can keep your browser usable on the WWW while still rejecting any forged certificates for your own hosts. The end result works pretty much like SSH keys do.
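
The pin check described in the message above, sketched as an added example that is not part of the original post: a known_hosts-style store that records a certificate's SHA-256 fingerprint on first contact and rejects any later change. The store file, the host name `nas.home.lan` and all function names are assumptions made for illustration, and the demo certificates are constructed byte strings.

```python
import hashlib, hmac, json, socket, ssl
from pathlib import Path

class PinMismatch(Exception):
    """The host presented a certificate other than the pinned one."""

def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, hex encoded."""
    return hashlib.sha256(der).hexdigest()

def check_pin(store: Path, host: str, der: bytes) -> str:
    """Return 'pinned' on first contact, 'match' afterwards; raise on change."""
    pins = json.loads(store.read_text()) if store.exists() else {}
    seen, known = fingerprint(der), pins.get(host)
    if known is None:
        # First use: as with SSH, compare this value out of band before trusting it.
        pins[host] = seen
        store.write_text(json.dumps(pins, indent=2))
        return "pinned"
    if not hmac.compare_digest(known, seen):
        raise PinMismatch(f"{host}: pinned {known}, presented {seen}")
    return "match"

def connect_pinned(store: Path, host: str, port: int = 443) -> ssl.SSLSocket:
    """Open a TLS connection and authenticate it by pin instead of by CA chain."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE  # self-signed: the pin check below decides
    tls = ctx.wrap_socket(socket.create_connection((host, port), timeout=5),
                          server_hostname=host)
    try:
        check_pin(store, host, tls.getpeercert(binary_form=True))
    except Exception:
        tls.close()  # never hand back a connection that failed the pin check
        raise
    return tls

if __name__ == "__main__":
    import tempfile
    store = Path(tempfile.mkdtemp()) / "pins.json"
    real, forged = b"constructed DER bytes A", b"constructed DER bytes B"
    print(check_pin(store, "nas.home.lan", real))   # constructed host name
    print(check_pin(store, "nas.home.lan", real))
    try:
        check_pin(store, "nas.home.lan", forged)
    except PinMismatch as exc:
        print("rejected:", exc)
```

The pin is checked on the same connection that is then used, so a certificate swapped between a separate "fetch" and "use" step cannot slip through.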