Who is the webmaster for <a href="http://haskell.org" target="_blank">haskell.org</a>? Presumably they will be required in the process of installing the certificate.<br><br>As far as obtaining goes, one can obtain a free certificate from StartSSL - see <a href="https://www.startssl.com" target="_blank">https://www.startssl.com</a><br>


There are other CAs, but if nobody has any strong preferences, I recommend going with them.<br><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Oct 30, 2012 at 8:52 PM, Niklas Hambüchen <span dir="ltr">&lt;<a href="mailto:mail@nh2.me" target="_blank">mail@nh2.me</a>&gt;</span> wrote:<br>


<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">So how do we go forward about getting the SSL certificate and installing it?<br>
<div><br>
On 29/10/12 01:06, Patrick Mylund Nielsen wrote:<br>
&gt; Sure. No matter what&#39;s done in Cabal, the clients for everything else<br>
&gt; will still be mainly browsers.<br>
&gt;<br>
&gt; On Mon, Oct 29, 2012 at 12:59 AM, Niklas Hambüchen &lt;<a href="mailto:mail@nh2.me" target="_blank">mail@nh2.me</a><br>
</div><div>&gt; &lt;mailto:<a href="mailto:mail@nh2.me" target="_blank">mail@nh2.me</a>&gt;&gt; wrote:<br>
&gt;<br>
&gt;     No matter what we do with cabal, it would be great if I could soon point<br>
&gt;     my browser at <a href="https://haskell.org" target="_blank">https://haskell.org</a> *anyway*.<br>
&gt;<br>
&gt;     On 28/10/12 23:55, Patrick Mylund Nielsen wrote:<br>
&gt;     &gt; Of course, as long as Cabal itself is distributed through this same<br>
&gt;     &gt; https-enabled site, you have the same PKI-backed security as just<br>
&gt;     about<br>
&gt;     &gt; any major website. This model has problems, yes, but it&#39;s good enough,<br>
&gt;     &gt; and it&#39;s easy to use. If you really want to improve it (without<br>
&gt;     &gt; impacting usability), have Google/the browser vendors pin the public<br>
</div>&gt;     &gt; cert for <a href="http://haskell.org" target="_blank">haskell.org</a> &lt;<a href="http://haskell.org" target="_blank">http://haskell.org</a>&gt; &lt;<a href="http://haskell.org" target="_blank">http://haskell.org</a>&gt;.<br>



<div>&gt;     &gt;<br>
&gt;     &gt; On Mon, Oct 29, 2012 at 12:45 AM, Patrick Mylund Nielsen<br>
&gt;     &gt; &lt;<a href="mailto:haskell@patrickmylund.com" target="_blank">haskell@patrickmylund.com</a> &lt;mailto:<a href="mailto:haskell@patrickmylund.com" target="_blank">haskell@patrickmylund.com</a>&gt;<br>
</div>&gt;     &lt;mailto:<a href="mailto:haskell@patrickmylund.com" target="_blank">haskell@patrickmylund.com</a><br>
<div>&gt;     &lt;mailto:<a href="mailto:haskell@patrickmylund.com" target="_blank">haskell@patrickmylund.com</a>&gt;&gt;&gt; wrote:<br>
&gt;     &gt;<br>
&gt;     &gt;     PGP tends to present many usability issues, and in this case it<br>
&gt;     &gt;     would make more sense/provide a clearer win if there were many<br>
&gt;     &gt;     different, semi-untrusted hackage mirrors. Just enable HTTPS and<br>
&gt;     &gt;     have Cabal validate the server certificate against a CA pool<br>
&gt;     of one.<br>
&gt;     &gt;     PKI/trusting obscure certificate authorities in Egypt and Syria is<br>
&gt;     &gt;     the biggest concern here, not somebody MITMing your initial Cabal<br>
&gt;     &gt;     installation (which in a lot of cases happens through apt-get or<br>
&gt;     &gt;     yum, anyway.)<br>
&gt;     &gt;<br>
&gt;     &gt;<br>
&gt;     &gt;     On Mon, Oct 29, 2012 at 12:34 AM, Changaco<br>
&gt;     &lt;<a href="mailto:changaco@changaco.net" target="_blank">changaco@changaco.net</a> &lt;mailto:<a href="mailto:changaco@changaco.net" target="_blank">changaco@changaco.net</a>&gt;<br>
</div>&gt;     &gt;     &lt;mailto:<a href="mailto:changaco@changaco.net" target="_blank">changaco@changaco.net</a> &lt;mailto:<a href="mailto:changaco@changaco.net" target="_blank">changaco@changaco.net</a>&gt;&gt;&gt;<br>


<div>&gt;     wrote:<br>
&gt;     &gt;<br>
&gt;     &gt;         On Sun, 28 Oct 2012 17:07:24 -0400 Patrick Hurst wrote:<br>
&gt;     &gt;         &gt; How do you get a copy of cabal while making sure that<br>
&gt;     somebody<br>
&gt;     &gt;         hasn&#39;t MITMed you and replaced the PGP key?<br>
&gt;     &gt;<br>
&gt;     &gt;         Ultimately it is a DNS problem. To establish a secure<br>
&gt;     connection<br>
&gt;     &gt;         with<br>
</div>&gt;     &gt;         <a href="http://haskell.org" target="_blank">haskell.org</a> &lt;<a href="http://haskell.org" target="_blank">http://haskell.org</a>&gt; &lt;<a href="http://haskell.org" target="_blank">http://haskell.org</a>&gt;<br>



<div>&gt;     you&#39;d have to get the<br>
&gt;     &gt;         certificate from the DNS, but that<br>
&gt;     &gt;         technology is not ready yet, so all you can do is check<br>
&gt;     the key<br>
&gt;     &gt;         against<br>
&gt;     &gt;         as many sources as possible like Michael Walker said.<br>
&gt;     &gt;<br>
&gt;     &gt;         On Sun, 28 Oct 2012 17:46:06 -0400 Patrick Hurst wrote:<br>
&gt;     &gt;         &gt; So why not use HTTPS?<br>
&gt;     &gt;<br>
&gt;     &gt;         Because it doesn&#39;t solve the problem.<br>
&gt;     &gt;<br>
&gt;     &gt;         _______________________________________________<br>
&gt;     &gt;         Haskell-Cafe mailing list<br>
&gt;     &gt;         <a href="mailto:Haskell-Cafe@haskell.org" target="_blank">Haskell-Cafe@haskell.org</a> &lt;mailto:<a href="mailto:Haskell-Cafe@haskell.org" target="_blank">Haskell-Cafe@haskell.org</a>&gt;<br>
</div>&gt;     &lt;mailto:<a href="mailto:Haskell-Cafe@haskell.org" target="_blank">Haskell-Cafe@haskell.org</a> &lt;mailto:<a href="mailto:Haskell-Cafe@haskell.org" target="_blank">Haskell-Cafe@haskell.org</a>&gt;&gt;<br>


<div><div>&gt;     &gt;         <a href="http://www.haskell.org/mailman/listinfo/haskell-cafe" target="_blank">http://www.haskell.org/mailman/listinfo/haskell-cafe</a><br>
&gt;     &gt;<br>
&gt;     &gt;<br>
&gt;     &gt;<br>
&gt;     &gt;<br>
&gt;     &gt;<br>
&gt;     &gt; _______________________________________________<br>
&gt;     &gt; Haskell-Cafe mailing list<br>
&gt;     &gt; <a href="mailto:Haskell-Cafe@haskell.org" target="_blank">Haskell-Cafe@haskell.org</a> &lt;mailto:<a href="mailto:Haskell-Cafe@haskell.org" target="_blank">Haskell-Cafe@haskell.org</a>&gt;<br>
&gt;     &gt; <a href="http://www.haskell.org/mailman/listinfo/haskell-cafe" target="_blank">http://www.haskell.org/mailman/listinfo/haskell-cafe</a><br>
&gt;     &gt;<br>
&gt;<br>
&gt;     _______________________________________________<br>
&gt;     Haskell-Cafe mailing list<br>
&gt;     <a href="mailto:Haskell-Cafe@haskell.org" target="_blank">Haskell-Cafe@haskell.org</a> &lt;mailto:<a href="mailto:Haskell-Cafe@haskell.org" target="_blank">Haskell-Cafe@haskell.org</a>&gt;<br>
&gt;     <a href="http://www.haskell.org/mailman/listinfo/haskell-cafe" target="_blank">http://www.haskell.org/mailman/listinfo/haskell-cafe</a><br>
&gt;<br>
&gt;<br>
<br>
_______________________________________________<br>
Haskell-Cafe mailing list<br>
<a href="mailto:Haskell-Cafe@haskell.org" target="_blank">Haskell-Cafe@haskell.org</a><br>
<a href="http://www.haskell.org/mailman/listinfo/haskell-cafe" target="_blank">http://www.haskell.org/mailman/listinfo/haskell-cafe</a><br>
</div></div></blockquote></div><br></div>