XSF Communications Team - 2020-11-16

  1. emus

    Hello everyone, mid of month again - just reminding you to drop your project news to the last XMPP newsletter release in this year! (Publish on 8th of December!) 📡 You can create a pull request or place a comment here: https://github.com/xsf/xmpp.org/pull/830 Looking forward!

  2. emus

    I know, you guys know already, but just for completeness I drop it here too

  3. emus

    Reminder to PR this myself > Let's Encrypt announced to [switch away from their Root CA certificate cross-signed by IdenTrust](https://letsencrypt.org/2020/11/06/own-two-feet.html). This means that old client devices (especially the roughly one third of Android phones running Android 7.0 and older) will consider Let's Encrypt certificates issued after January 11th 2021 as untrustworthy. This problem will not go away, as the IdenTrust cross-signed certificate will expire in September, but there are some possible mitigations: > - For users: it is possible, but not very straight-forward to [add the new Root CA certificate to the system trust store](https://stackoverflow.com/a/22040887/) > - Client developers can bundle the new [ISG Root X1](https://letsencrypt.org/certificates/) certificate with the app, or implement a manual CA approval mechanism like [MemorizingTrustManager](https://github.com/ge0rg/MemorizingTrustManager) > - Server operators can use the ["alternate" option](https://community.letsencrypt.org/t/transition-to-isrgs-root-delayed-until-jan-11-2021/125516) between January and September to obtain certificates signed by the old IdenTrust-based root. thanks Ge0rG

  4. Licaon_Kter

    emus, this post might help, with pictures and such: https://www.stoutner.com/lets-encrypt-isrg-root-x1-and-privacy-browser/

  5. emus

    Licaon_Kter: thanks!

  6. emus

    I may just link to this as I rather want to announce the issue than make a whole article. But I will link this defintively