Weekly Edition
Return to the Kernel page
| |||||||||||||
SSL on kernel.orgJohn "Warthog9" Hawley has announced the availability of SSL encryption (i.e. https) for kernel.org. The kernel bugzilla, wikis, account requests, and the Patchwork patch tracker have all been defaulted to https via an http redirect. In addition, the www, boot, git, and android.git subdomains of kernel.org can use SSL if the user specifies https in the URL. There are no plans to support SSL for mirrors.kernel.org, because "these machines move a large amount of data to a large number of users and it would be difficult, and memory intensive, to provide SSL for this service." Hawley also notes that Thawte donated signed SSL certificates, which "alleviates a large amount of support effort that self-signed certificates would have incurred". (Log in to post comments)
SSL on kernel.org Posted Mar 26, 2010 14:58 UTC (Fri) by jcm (subscriber, #18262) [Link]
Apparently, the donated certs are "wildcard" too, which I didn't know was an option these days and maybe those still used to one-IP-one-cert logic don't know about either. And those things are pretty expensive at retail, so good for Thawte.
Security on top of no-security Posted Mar 28, 2010 23:46 UTC (Sun) by eparis123 (guest, #59739) [Link]
Basing a secure protocol (SSL) on a non-secure one (HTTP redirect) is
useless. An intruder can very simply redirect the request to his own malice website.
Security on top of no-security Posted Mar 29, 2010 1:54 UTC (Mon) by foom (subscriber, #14868) [Link]
Only if they can man-in-the-middle you. And as we've discussed, SSL is practically useless against
MITM attacks anyways. :)
|
|||||||||||||