[Dev] certificates have been renewed
Michał Masłowski
mtjm at mtjm.eu
Thu Feb 21 21:15:17 GMT 2013
>> This doesn't suggest them being updated, we could remove them and use
>> the *.parabolagnulinux.org certificates.
>
> no, i just renewed the keys i mentioned
Ok, I've changed it to use the wildcard certificate.
>> We could have one key pair at once on both servers, renew the public key
>> once per six months and replace the private key once or twice per year.
>> Having more than one key per server leads to forgotten keys like the
>> mail one. Two separate keys one for each server will have overlapping
>> names, so they shouldn't be more secure than one key for both.
>
> why would it be necessary to change keys? for security problems?
I don't remember where I have read that it's useful for security. It's
not harder to replace both keys from user's usability point of view.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: <https://lists.parabola.nu/pipermail/dev/attachments/20130221/197603ea/attachment.sig>
More information about the Dev
mailing list