signed, forest

This commit is contained in:
forest 2021-01-30 22:30:12 -06:00
parent a9bf277842
commit 01a31be091

View File

@ -109,7 +109,7 @@
X.509 introduced the concept of a Certificate Authority, or CA. X.509 introduced the concept of a Certificate Authority, or CA.
These CAs were supposed to be bank-like public institutions of power which everyone could trust. These CAs were supposed to be bank-like public institutions of power which everyone could trust.
The CA would create a key pair on an extremely secure computer, and then a CA Certificate (the public side of that key pair) The CA would create a key pair on an extremely secure computer, and then a CA Certificate (the public side of that key pair)
would be distributed along with every copy of Windows, Mac OS, and Linux. Then companies who wanted to run a secure web server would be distributed along with every copy of Windows, Mac OS, and Linux. Then folks who wanted to run a secure web server
could generate thier OWN key pair for thier web server, could generate thier OWN key pair for thier web server,
and pay the CA to sign thier web server's X.509 certificate (public key) with the highly protected CA private key. and pay the CA to sign thier web server's X.509 certificate (public key) with the highly protected CA private key.
Critically, issue date, expiration date, and the domain name of the web server, like foo.example.com, would have to be included Critically, issue date, expiration date, and the domain name of the web server, like foo.example.com, would have to be included
@ -258,8 +258,7 @@ Host key verification failed.
So what are technologists to do? Most cloud providers don't "provide" a secure and reliable way to get the SSH host public keys So what are technologists to do? Most cloud providers don't "provide" a secure and reliable way to get the SSH host public keys
for instances that users create on thier platform. For example, see this for instances that users create on thier platform. For example, see this
<a href="https://serverfault.com/questions/941915/verify-authenticity-of-ssh-host-on-digital-ocean-droplet-freebsd"> <a href="https://serverfault.com/questions/941915/verify-authenticity-of-ssh-host-on-digital-ocean-droplet-freebsd">
question posted by a frustrated user trying to secure thier connection to a digitalocean droplet question posted by a frustrated user trying to secure thier connection to a digitalocean droplet</a>.
</a>.
Besides using the provider's HTTPS-based console to log into the machine & directly read the public key, most of the time, Besides using the provider's HTTPS-based console to log into the machine & directly read the public key, most of the time,
providers recommend using a "userdata script", which runs when the machine boots, to upload the machine's SSH public keys to a providers recommend using a "userdata script", which runs when the machine boots, to upload the machine's SSH public keys to a
@ -326,7 +325,11 @@ Host key verification failed.
For more information on how to get started with Namecoin, see my For more information on how to get started with Namecoin, see my
<a href="https://sequentialread.com/how-to-register-a-namecoin-bit-domain-with-electrum-nmc/"> <a href="https://sequentialread.com/how-to-register-a-namecoin-bit-domain-with-electrum-nmc/">
Namecoin guide for webmasters</a>. Namecoin guide for webmasters</a>.
</p>
<p>
Cheers and best wishes,<br/>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Forest
</p> </p>
<hr/> <hr/>