
1. Heartbleed Aftermath

Fortunately, HCoop wasn't hit by the OpenSSL Heartbleed bug. However, this is perhaps an opportunity for some spring cleanup.

These reports do not look good:

(Warning: their analyzer may need to run, and you might need to wait a while to see the actual report.)

Here's the status of navajos: it gets an F per the above SSL Labs report, because:

Deleuze is particularly problematic, because:

Since deleuze is scheduled to be decommissioned, we might want to focus on the remaining problems.

1.1. CA Certification

Problem: Browsers do not trust HCoop's self-signed certificate. Potential members might be scared away by big honking browser warnings. We might want to get a "proper" CA-signed certificate; perhaps a wildcard one. But these tend to be fairly expensive.

These are the choices at the moment, to solve the immediate problem in an inexpensive manner:

HCoop has plenty of funds on hand, opening up two other options:

ClintonEbadi thinks that a Gandi wildcard certificate makes the most sense right now (easier, and providing organization information in a cert is of dubious value).

1.2. Perfect Forward Secrecy

Forward Secrecy is being advocated as a solution that offers stronger protection for private keys; evidently it is straightforward to enable with Apache.

See ticket #113.
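One way to check whether an Apache mod_ssl configuration still permits cipher suites without forward secrecy. This is an added example, not HCoop's configuration or tooling: the sample config is constructed, and the function names (`forward_secret`, `expand`, `directive`, `audit`) are hypothetical. It expands the `SSLCipherSuite` string with the local OpenSSL, so results for alias strings such as `HIGH` depend on the installed build.

```python
import re
import ssl

# OpenSSL names whose key exchange is authenticated ephemeral (EC)DH.
# Static ECDH-*, plain RSA and anonymous ADH-/AECDH- suites do not qualify.
FS_PREFIXES = ("ECDHE-", "DHE-", "EDH-")

# Constructed sample, not taken from any real server.
SAMPLE_CONF = """\
# constructed sample vhost fragment
SSLHonorCipherOrder on
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:AES128-GCM-SHA256
"""

def forward_secret(name):
    """True if the suite name implies forward secrecy (TLS 1.3 suites always do)."""
    return name.startswith("TLS_") or name.startswith(FS_PREFIXES)

def expand(cipher_spec):
    """Expand an OpenSSL cipher string into suite names, in preference order."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_spec)  # raises ssl.SSLError if nothing matches
    return [c["name"] for c in ctx.get_ciphers()]

def directive(conf, name):
    """Last argument of the last occurrence of an Apache directive, or None."""
    hits = re.findall(rf"(?im)^[ \t]*{name}[ \t]+(.+?)[ \t]*$", conf)
    return hits[-1].split()[-1].strip('"') if hits else None

def audit(conf):
    """Report server-side ordering and every enabled suite lacking forward secrecy."""
    spec = directive(conf, "SSLCipherSuite")
    if spec is None:
        return None
    order = (directive(conf, "SSLHonorCipherOrder") or "off").lower() == "on"
    return {
        "server_order": order,
        "non_fs": [s for s in expand(spec) if not forward_secret(s)],
    }

if __name__ == "__main__":
    report = audit(SAMPLE_CONF)
    print("server picks the cipher:", report["server_order"])
    for suite in report["non_fs"]:
        print("no forward secrecy:", suite)
```

An empty `non_fs` list means every suite the server can negotiate uses an ephemeral key exchange; with `SSLHonorCipherOrder off` the client's preference decides among whatever remains enabled.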

HeartBleedAfterMath (last edited 2014-04-19 00:32:33 by ClintonEbadi)