From debbugs-submit-bounces@debbugs.gnu.org Fri Apr 16 20:10:29 2021 Received: (at 47823) by debbugs.gnu.org; 17 Apr 2021 00:10:29 +0000 Received: from localhost ([127.0.0.1]:41960 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lXYXZ-0002vN-Tx for submit@debbugs.gnu.org; Fri, 16 Apr 2021 20:10:29 -0400 Received: from lepiller.eu ([89.234.186.109]:34482) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lXYXU-0002v8-Tq for 47823@debbugs.gnu.org; Fri, 16 Apr 2021 20:10:24 -0400 Received: from lepiller.eu (localhost [127.0.0.1]) by lepiller.eu (OpenSMTPD) with ESMTP id 64a8fa1c; Sat, 17 Apr 2021 00:10:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=lepiller.eu; h=date :in-reply-to:references:mime-version:content-type :content-transfer-encoding:subject:to:cc:from:message-id; s= dkim; bh=Ur5byhPj2zekcuFEm1uEygd8uD3WjPwziHbnN6QNQio=; b=WFWLror 2gbfgg8Toze6Ic+tOTEYAF4rU7EoNIFUQ8zA8TWX2JM7n4GncLl5OeGzdfaywsgF 1iznkTJT6uLKbLt9BBW9h9VoAyTLwXkJwLJ6/N7EElzhBzVjgT95i9i5OusqXqcc nSBGwtuK55vvLvR2wS4GvE5B/L7pryzlhIV9taqZAWONHS2CPkKw9RpUMkvOfj2I PXIuLwmmyRWufJFy/qSMdixNvc3aWdGmrdLaeFT4y6K3Q5gbmOSthzONXLoo/AXk JExYV6NfNnGRSZuBWGbU3BM778sUY7aWPPyM4WaY8+wKL4tD/bi7zKvwcr6gdaDI fYs+moqRWot0N2A== Received: by lepiller.eu (OpenSMTPD) with ESMTPSA id 440dad28 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); Sat, 17 Apr 2021 00:10:17 +0000 (UTC) Date: Fri, 16 Apr 2021 20:10:11 -0400 User-Agent: K-9 Mail for Android In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Subject: Re: bug#47823: Hardenize Guix website TLS/DNS To: Leo Famulari ,bo0od From: Julien Lepiller Message-ID: <4BF8EE8A-C2B4-429A-A0DF-928155A5802E@lepiller.eu> X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 47823 Cc: 47823@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Le 16 avril 2021 12:15:25 GMT-04:00, Leo Famulari a = =C3=A9crit : >On Fri, Apr 16, 2021 at 11:00:05AM +0000, bo0od wrote: >> Scanning Guix website gave many missing security features which >modern >> security needs them to be available: >>=20 >> * TLS and DNS: >>=20 >> looking at: >>=20 >> https://www=2Ehardenize=2Ecom/report/guix=2Egnu=2Eorg/1618568751 >>=20 >> https://www=2Essllabs=2Ecom/ssltest/analyze=2Ehtml?d=3Dguix=2Egnu=2Eorg > >Thanks! > >> - DNS: DNSSEC support missing (important) > >Hm, is it important? My impression is that it's an idea whose time has >passed without significant adoption=2E > >But maybe we could enable it if the costs are not too great=2E gnu=2Eorg does not have dnssec, so we'd need them to work on that first=2E