This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ripe-atlas@ripe.net/
[atlas] SSL Certificates for ripe anchors
- Previous message (by thread): [atlas] SSL Certificates for ripe anchors
- Next message (by thread): [atlas] SSL Certificates for ripe anchors
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Robert Kisteleki
robert at ripe.net
Tue Sep 3 11:38:33 CEST 2019
On 2019-09-03 11:17, Shane Kerr wrote: > Robert, > > On 03/09/2019 09.57, Robert Kisteleki wrote: >> >>> Still no one has answered why ripe is using self signed certs for anchor >>> when they can use let's encrypt for free... >> >> TL;DR if the community prefers it we use LE (+TLSA). >> >> This comes with the expense of some one-time and ongoing operational >> work. Considering that anchors don't host any sensitive information, >> using self-signed certs (+TLSA) was so far considered good enough. > > Sorry for asking this question so late in this thread, but what exactly > are the certificates used for? The anchors provide very basic services intended to help users who want to use the anchors as measurement targets. They answer incoming ping, DNS and HTTP(S) queries (see https://atlas.ripe.net/docs/anchors/). The HTTP(S) service can respond with pages of various sizes which is intended to help PMTUD tests for example. It's possible that someone would want to check the TLS certificate of the measured anchor, in which case a "proper" certificate may come handy. Regards, Robert
- Previous message (by thread): [atlas] SSL Certificates for ripe anchors
- Next message (by thread): [atlas] SSL Certificates for ripe anchors
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]