[OS X Emacs] Verifying Aquamacs

John Wroclawski jtw at csail.mit.edu
Fri Apr 24 15:31:30 EDT 2020


> On Apr 24, 2020, at 3:15 PM, Robert Goldman <rpgoldman at sift.info> wrote:
>> David Reitter
>>   Suggest disabling HTTPS on the website for now.
> I'm not a big fan of using HTTP, especially not for getting software I trust.

We had this discussion a few weeks ago, but. I fully understand your point, but in this case I wouldn’t worry about it much, because the software itself is signed. The whole point of that mechanism is that you don’t have to secure the channel because the s/w itself is crypto-validated.

That said,

> Can't we add the Let's Encrypt CA to the set of CAs we will accept?

I was wondering about this too. LE certs trace back to two separate rather well-known roots - see  https://letsencrypt.org/certificates/ <https://letsencrypt.org/certificates/> for full details. If Aquamacs is maintaining it’s own root CA store (not great), then adding one of these should be simple enough. OTOH, what it should really be doing is using Apple’s built-in certificate management functions and root store. But if it was doing that, this would all be working, I would expect. So I assume it’s not..


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://email.esm.psu.edu/pipermail/macosx-emacs/attachments/20200424/90735873/attachment.htm>

More information about the MacOSX-Emacs mailing list