trinity-devel@lists.pearsoncomputing.net

Month: February 2017

Re: [trinity-devel] Trinity SSL Certificates

From: Calvin Morrison <mutantturkey@...>
Date: Thu, 16 Feb 2017 20:21:32 -0500
Consider it done.

Calvin

On 16 February 2017 at 14:45, Timothy Pearson
<kb9vqf@...> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA224
>
> As some of you may already be aware, StartCom (a major provider of SSL
> certificates) has repeatedly and intentionally violated the basic rules to
> be listed as a root CA in most browsers [1] [2].  Unfortunately, TDE used
> StartCom as its root CA provider in an attempt to lower overall costs; as
> a result, the main TDE pages, QuickBuild, and other related services will
> no longer be accessible to the majority of Web clients.
>
> We do not have the funds to replace the certificate with a costlier option
> at this time.  LetsEncrypt does not appear to be secure enough as it
> effectively requires automated certificate installation on the master
> servers, and furthermore I expect it to be removed as a fully trusted
> root CA or at least demoted in some way in the future [3].
>
> Due to the industry-standard security in use, we cannot simply disable
> HTTPS without disabling access to all TDE sites previously using HTTPS.
> Furthermore, disabling HTTPS would open TDE users and visitors to
> malicious MITM attack, and I am not willing to do this.
>
> Our only options come down to either accepting the heavy loss in visitors
> / traffic that will come from using a self-signed certificate, or
> attempting to raise the funds required to purchase a new certificate.  It
> should only cost around $200 to obtain a new multi-year certificate
> covering TDE, so if you can please contribute something toward this goal
> via our donations page [4].
>
> Again, I apologize for the inconvenience; it is not common for a CA to be
> delisted and the impact from this has been felt across many sites.
> Unfortunately, it will only continue to worsen as Chrome (with its 75%
> market share) is updated by end users over the next few days / weeks.
>
> Thank you!
>
> [1]
> https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html
>
> [2]
> https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/
>
> [3] http://www.datamation.com/security/lets-encrypt-the-good-and-the-bad.html
>
> [4] https://trinitydesktop.org/donate.php
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
>
> iFYEARELAAYFAlimAXYACgkQLaxZSoRZrGG6QQDeObweyASWhjs/USiO6Nm05CcH
> C20FUSd8bT7Y7wDdGKueJfay8/HacDBlPw+u2WItBSpRs3geLoPLSw==
> =RdsZ
> -----END PGP SIGNATURE-----
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: trinity-devel-unsubscribe@...
> For additional commands, e-mail: trinity-devel-help@...
> Read list messages on the web archive: http://trinity-devel.pearsoncomputing.net/
> Please remember not to top-post: http://trinity.pearsoncomputing.net/mailing_lists/#top-posting
>