Buy SSL certs for keys.qubes-os.org and wiki.qubes-os.org

[marmarek]

Reported by joanna on 6 Apr 2011 14:11 UTC
None

Migrated-From: https://wiki.qubes-os.org/ticket/203

[marmarek]

Modified by joanna on 11 Apr 2011 12:18 UTC

[marmarek]

Modified by joanna on 11 Apr 2011 12:18 UTC

[marmarek]

Modified by joanna on 22 Jun 2011 10:52 UTC

[marmarek]

Modified by joanna on 22 Jun 2011 10:52 UTC

[marmarek]

Comment by joanna on 30 Aug 2012 12:30 UTC
After thinking about it, I decided against buying the cert, for the following reasons:

1. As we still serve our ISOs from Amazon S3 systems (over which we have absolutely no control), the fact that we had an SSL cert for qubes-os.org would not change the fact that user would still need to verify signatures on the downloaded ISOs,

2. The certificate could only make it more convenient to verify our signing key (for ISO verification), but I'm afraid that this would discourage users from verifying the keys using 3rd party sites, such as qubes-devel archives, etc. At the same time, putting a private SSL key on our webserver (and now trusting it for our key verification) is something I would like to avoid. So far we managed to avoid the need to put any trust into servers, and I like this to stay this way.

3. Wiki is not security sensitive, users other than Qubes core developers cannot log in there anyway, and so there is little benefit of protecting it with SSL certs.

More discussion on this topic here:

https://groups.google.com/forum/?fromgroups=#!topic/qubes-devel/hSj9IED8Z9g

[marmarek]

Comment by joanna on 30 Aug 2012 12:30 UTC
After thinking about it, I decided against buying the cert, for the following reasons:

1. As we still serve our ISOs from Amazon S3 systems (over which we have absolutely no control), the fact that we had an SSL cert for qubes-os.org would not change the fact that user would still need to verify signatures on the downloaded ISOs,

2. The certificate could only make it more convenient to verify our signing key (for ISO verification), but I'm afraid that this would discourage users from verifying the keys using 3rd party sites, such as qubes-devel archives, etc. At the same time, putting a private SSL key on our webserver (and now trusting it for our key verification) is something I would like to avoid. So far we managed to avoid the need to put any trust into servers, and I like this to stay this way.

3. Wiki is not security sensitive, users other than Qubes core developers cannot log in there anyway, and so there is little benefit of protecting it with SSL certs.

More discussion on this topic here:

https://groups.google.com/forum/?fromgroups=#!topic/qubes-devel/hSj9IED8Z9g

[marmarek]

Comment by joanna on 9 Apr 2014 09:31 UTC
As we're granting more people access to our wiki it might be beneficial to actually have a cert for the wiki signed by a well known CA. Mostly for aesthetic reasons, but still...

Also, we need to buy certs for our Windows tools installer, and those two things might be done in one step perhaps.

[marmarek]

Comment by joanna on 9 Apr 2014 09:31 UTC
As we're granting more people access to our wiki it might be beneficial to actually have a cert for the wiki signed by a well known CA. Mostly for aesthetic reasons, but still...

Also, we need to buy certs for our Windows tools installer, and those two things might be done in one step perhaps.

[marmarek]

Comment by joanna on 16 Apr 2014 13:50 UTC
See also some discussions in this recent thread:

https://groups.google.com/d/msg/qubes-users/d9HtPr-E6aI/vLibCaM5D6kJ

[marmarek]

Comment by joanna on 16 Apr 2014 13:50 UTC
See also some discussions in this recent thread:

https://groups.google.com/d/msg/qubes-users/d9HtPr-E6aI/vLibCaM5D6kJ

[marmarek]

Modified by joanna on 16 Apr 2014 17:26 UTC

[marmarek]

Modified by joanna on 16 Apr 2014 17:26 UTC

[marmarek]

Modified by joanna on 2 Jul 2014 18:07 UTC

[marmarek]

Modified by joanna on 2 Jul 2014 18:07 UTC