On 2017-11-21 10:49, Jeremy Jongepier wrote:
> Hello David,
>> I'm currently taking over a bunch of packages for Arch Linux (mainly
>> pro-audio stuff).
>> Would it be possible to implement letsencrypt for linuxaudio.org and all
>> of its subdomains?
> It's possible for linuxaudio.org but not for all the subdomains. the
> linuxaudio.org server is a shared server that hosts projects of a
> variety of organizations and people. root at linuxaudio.org can't enforce
> the usage of SSL for all users, it's a decision the users have to take.

i'm not sure whether i read this correctly, but you make it sound like
there are technical problems hindering the implementation of https://,
although i think these are merely social (e.g. you don't want to shove
https:// down the throat of just anybody).
it's also slightly unclear what you mean by "users" (intuitively i would
have said that "users" refers to the people who want to access the
website with their browsers; however, as root at linuxaudio.org you might
think of the 'variety of organizations and people' who host projects on
linuxaudio.org as your "users").

also, there's a slight difference between "enforcing the usage of SSL"
(shoving it down the throats of everybody) and "enabling" it.

https:// is a great means against mitm attacks; as ralf has pointed out,
it's less useful as a tool to ensure privacy (use tor for that) or
integrity (use gpg signatures for that). however, it does help raise
the standards for both.
there is practically no reason to *not* use https:// everywhere (well
there's one: CPU power on the server side).

if CPU power is not a problem, i would suggest to:
- enable https:// for *all* VHOSTS that are directly running on the
linuxaudio.org infrastructure
- allow all organizations and people that "run" one of these VHOSTS to
permanently redirect to https:// (if they choose so).

of course people who run their own VHOSTS (if any) need to implement
https:// themselves.

and of course, i'm not associated with anything linuxaudio.org, so i
don't know the exact contract under which you give away VHOSTS.


