This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[atlas] SSL Certificates for ripe anchors
Shane Kerr
shane at time-travellers.org
Tue Sep 3 11:17:39 CEST 2019
Robert,

On 03/09/2019 09.57, Robert Kisteleki wrote:
>
>> Still no one has answered why ripe is using self signed certs for anchor
>> when they can use let's encrypt for free...
>
> TL;DR if the community prefers it we use LE (+TLSA).
>
> This comes with the expense of some one-time and ongoing operational
> work. Considering that anchors don't host any sensitive information,
> using self-signed certs (+TLSA) was so far considered good enough.

Sorry for asking this question so late in this thread, but what exactly are the certificates used for?

The value of a certificate from a certificate authority is that you outsource the work of establishing a trust relationship. If you're connecting bits of networking infrastructure together, presumably one's provisioning tools can configure each component with exactly the secrets and trust needed, so self-signed certificates should be fine (or better, since the system is simpler and there is no dependency on external infrastructure).

If the use case under discussion is to help RIPE anchor operators (or others) to see some status page on the anchor itself via a browser, then using a "real" certificate might make sense. Otherwise, I don't see the point.

Cheers,

--
Shane