This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ripe-atlas@ripe.net/
[atlas] SSL Certificates for ripe anchors
- Previous message (by thread): [atlas] SSL Certificates for ripe anchors
- Next message (by thread): [atlas] Apply for next RIPE NCC hackathons, in six locations!
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Marcel Flores
marcel.flores at verizondigitalmedia.com
Wed Sep 4 18:04:20 CEST 2019
Just to weigh in as both an Anchor host and a heavy Atlas user: we've found the self-signed certificates to be a non-issue. While I will not deny that they do show up in many internal security scans, self-signed certs fall well below other "issues" such as open ports, non-standard responses to version.bind queries, and strange traffic patterns. Such concerns are, however, mitigated by the understanding that the anchors are measurement points, and therefore may generate, and be subject to, non-standard (or perceived as traditionally insecure) behaviors. I can appreciate that there may be measurements (*i.e. *using the platform) that would be made easier with non-self-signed certificates, but I'm not sure I've seen that discussed here. -m On Wed, Sep 4, 2019 at 3:00 AM Robert Kisteleki <robert at ripe.net> wrote: > > On 2019-09-03 17:03, Randy Bush wrote: > > been using LE+TLSA for a loooong time. like 94 of us, i have recipies > > (for LE for sites w/o web services) if you need them. please do it. > > it's prudent. > > > > randy > > Thank you Randy for the offer! > > We'll check what it takes to add this to the anchors, and report back soon. > > Regards, > Robert > > -- *Marcel Flores, PhD* | Sr. Research Scientist research.verizondigitalmedia.com | AS15133 <https://www.peeringdb.com/asn/15133> e: marcel.flores at verizondigitalmedia.com 13031 W Jefferson Blvd. Building 900, Los Angeles, CA 90094 -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/ripe-atlas/attachments/20190904/40b29948/attachment.html>
- Previous message (by thread): [atlas] SSL Certificates for ripe anchors
- Next message (by thread): [atlas] Apply for next RIPE NCC hackathons, in six locations!
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]