Thanks Iavor et al.

I agree. I'll see what we can do. We have budget for this so hopefully it will be a simple matter of finding people to implement the change.

Jason

On Fri, Nov 2, 2012 at 10:34 AM, Iavor Diatchki <iavor.diatchki@gmail.com> wrote:
Hello,

I think that getting a certificate is a good idea.  I think this could probably be arranged by the haskell.org committee, which even has a budget for things like that, I believe.  I'm cc-ing Jason, who's on the committee and might have more input on what's the best way to proceed. 

Thanks for bringing this up!
-Iavor


On Fri, Nov 2, 2012 at 5:14 AM, Ramana Kumar <Ramana.Kumar@cl.cam.ac.uk> wrote:
Who is the webmaster for haskell.org? Presumably they will be required in the process of installing the certificate.

As far as obtaining goes, one can obtain a free certificate from StartSSL - see https://www.startssl.com
There are other CAs, but if nobody has any strong preferences, I recommend going with them.


On Tue, Oct 30, 2012 at 8:52 PM, Niklas Hambüchen <mail@nh2.me> wrote:
So how do we go forward about getting the SSL certificate and installing it?

On 29/10/12 01:06, Patrick Mylund Nielsen wrote:
> Sure. No matter what's done in Cabal, the clients for everything else
> will still be mainly browsers.
>
> On Mon, Oct 29, 2012 at 12:59 AM, Niklas Hambüchen <mail@nh2.me
> <mailto:mail@nh2.me>> wrote:
>
>     No matter what we do with cabal, it would be great if I could soon point
>     my browser at https://haskell.org *anyway*.
>
>     On 28/10/12 23:55, Patrick Mylund Nielsen wrote:
>     > Of course, as long as Cabal itself is distributed through this same
>     > https-enabled site, you have the same PKI-backed security as just
>     about
>     > any major website. This model has problems, yes, but it's good enough,
>     > and it's easy to use. If you really want to improve it (without
>     > impacting usability), have Google/the browser vendors pin the public
>     > cert for haskell.org <http://haskell.org> <http://haskell.org>.
>     >
>     > On Mon, Oct 29, 2012 at 12:45 AM, Patrick Mylund Nielsen
>     > <haskell@patrickmylund.com <mailto:haskell@patrickmylund.com>
>     <mailto:haskell@patrickmylund.com
>     <mailto:haskell@patrickmylund.com>>> wrote:
>     >
>     >     PGP tends to present many usability issues, and in this case it
>     >     would make more sense/provide a clearer win if there were many
>     >     different, semi-untrusted hackage mirrors. Just enable HTTPS and
>     >     have Cabal validate the server certificate against a CA pool
>     of one.
>     >     PKI/trusting obscure certificate authorities in Egypt and Syria is
>     >     the biggest concern here, not somebody MITMing your initial Cabal
>     >     installation (which in a lot of cases happens through apt-get or
>     >     yum, anyway.)
>     >
>     >
>     >     On Mon, Oct 29, 2012 at 12:34 AM, Changaco
>     <changaco@changaco.net <mailto:changaco@changaco.net>
>     >     <mailto:changaco@changaco.net <mailto:changaco@changaco.net>>>
>     wrote:
>     >
>     >         On Sun, 28 Oct 2012 17:07:24 -0400 Patrick Hurst wrote:
>     >         > How do you get a copy of cabal while making sure that
>     somebody
>     >         hasn't MITMed you and replaced the PGP key?
>     >
>     >         Ultimately it is a DNS problem. To establish a secure
>     connection
>     >         with
>     >         haskell.org <http://haskell.org> <http://haskell.org>
>     you'd have to get the
>     >         certificate from the DNS, but that
>     >         technology is not ready yet, so all you can do is check
>     the key
>     >         against
>     >         as many sources as possible like Michael Walker said.
>     >
>     >         On Sun, 28 Oct 2012 17:46:06 -0400 Patrick Hurst wrote:
>     >         > So why not use HTTPS?
>     >
>     >         Because it doesn't solve the problem.
>     >
>     >         _______________________________________________
>     >         Haskell-Cafe mailing list
>     >         Haskell-Cafe@haskell.org <mailto:Haskell-Cafe@haskell.org>
>     <mailto:Haskell-Cafe@haskell.org <mailto:Haskell-Cafe@haskell.org>>
>     >         http://www.haskell.org/mailman/listinfo/haskell-cafe
>     >
>     >
>     >
>     >
>     >
>     > _______________________________________________
>     > Haskell-Cafe mailing list
>     > Haskell-Cafe@haskell.org <mailto:Haskell-Cafe@haskell.org>
>     > http://www.haskell.org/mailman/listinfo/haskell-cafe
>     >
>
>     _______________________________________________
>     Haskell-Cafe mailing list
>     Haskell-Cafe@haskell.org <mailto:Haskell-Cafe@haskell.org>
>     http://www.haskell.org/mailman/listinfo/haskell-cafe
>
>

_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe


_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe