logo

ca-certificates

Unnamed repository; edit this file 'description' to name the repository. git clone https://hacktivis.me/git/ca-certificates.git

README.md (613B)


  1. # CA certificates
  2. Notes:
  3. * CAs are deprecated (for me), we should use alternatives (DANE is good, maybe a TLS-side HPKP, DNSSEC should be replaced with DNSCrypt or equivalent). So this is only for like… backward compatibility but still staying secure.
  4. ## Rules
  5. - CA root file MUST be OpenPGP signed or equivalent
  6. - Certification Autorities SHOULD verify owning of the address/domain and MUST NOT create know fake certificates
  7. - SHOULD follow latest recomendations/rules of cryptography (RFC, parts of : NSA, NIST, ANSSI)
  8. ## Dependencies
  9. * POSIX system
  10. * Internet (downloading CA root certificates)
  11. * OpenPGP