Re: [Freedombox-discuss] CAs and cipher suites for cautious servers like FreedomBox
----- Forwarded message from Keith
On Thu, Sep 12, 2013 at 04:44:31PM +0100, Keith wrote:
With a CA on each freedombox there need not be a requirement for a server.
If my understanding of Tor is right, it is designed for anonymity, not encryption, should not need a CA for this.
Can you get PFS with snakeoil (I presume these are generated during the installation, is there at all enough entropy at that time so this is safe?) certs?
Postfix and dovecot in newer versions can do PFS: http://www.heinlein-support.de/blog/security/perfect-forward-secrecy-pfs-fur... _______________________________________________ Freedombox-discuss mailing list Freedombox-discuss@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
participants (1)
-
Eugen Leitl