Hey Nick,

Glad it's working for you! :-) I wanted to respond to a couple of comments you made inline:

On Sat, Nov 5, 2011 at 6:26 AM, Nick Daly <[email protected]> wrote:
> DDOSing it: I know that's a weak point in this structure. It weirds me
> out that I need to *MITM myself* so the FBX can be reached, but I'm not
> too worried that the Icelandic government's going to fake an SSL
> certificate. Israel might, though, so it might be good to move PageKite
> to a (root-)CA based in their own country.

I think this is a misunderstanding. Sadly, anyone who can sign certificates can probably MITM us - it doesn't matter which root signs our cert, the browser will accept any valid signature from anywhere. I don't particularly trust Israel, but as I understand things, I'm afraid it doesn't really matter much.

The only way I know to manage this risk is to use Firefox and the Certificate Patrol plugin, or self-signed certs (see below) and a security exception in the browser.

PageKite's wildcard SSL service does not pretend to be a perfect solution and we hope our users understand the limitations of what we offer - but it is better than nothing. :-)

If you switch to your own domain name and get your own certificate, you will be able to do end-to-end SSL encryption over PageKite and our servers won't be able to see a thing. However, this will only work with modern browsers because it relies on recent features of the TLS standard which have not been implemented by everyone yet. So again, not a perfect solution. SSL is a mess...

> Also, congratulations and thanks, again, to the PageKite folks. The
> system works beautifully.

Thanks for the kind words! Feel free to be in touch if we can help with anything. :-)

--
Bjarni R. Einarsson
Founder, lead developer of PageKite.

Make localhost servers visible to the world: http://pagekite.net/
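
The change tracking that the message above points to (what a Certificate Patrol style tool does) can be sketched as a trust-on-first-use pin store. This is an added example, not part of the original e-mail and not PageKite's or Certificate Patrol's code; the host name, CA names and byte strings in `demo()` are constructed placeholders.

```python
import hashlib
import socket
import ssl


def fetch_leaf(host, port=443, timeout=5):
    """Return (DER bytes, issuer organisation) of the certificate a live server presents."""
    ctx = ssl.create_default_context()  # normal CA validation still applies
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
    return der, issuer.get("organizationName", "unknown")


class PinStore:
    """Trust-on-first-use memory of the certificate each host presented."""

    def __init__(self):
        self.pins = {}  # host -> (sha256 hex of DER, issuer)

    def observe(self, host, der, issuer):
        """Classify a presented certificate against what was seen before.

        Chain validity is ignored on purpose: a certificate issued by any
        other trusted CA validates too, so only a change is a signal.
        The stored pin is not replaced on a change; the user decides.
        """
        fingerprint = hashlib.sha256(der).hexdigest()
        previous = self.pins.get(host)
        if previous is None:
            self.pins[host] = (fingerprint, issuer)
            return "first-seen"
        if previous[0] == fingerprint:
            return "unchanged"
        if previous[1] != issuer:
            return "changed-new-issuer"   # a different CA signed it: strongest warning
        return "changed-same-issuer"      # often a routine renewal; still confirm


def demo():
    """Constructed sample: opaque byte strings stand in for DER certificates."""
    store = PinStore()
    host = "kite.example.net"  # hypothetical host name
    seen = [(b"constructed-cert-1", "Constructed CA A"),
            (b"constructed-cert-1", "Constructed CA A"),
            (b"constructed-cert-2", "Constructed CA A"),
            (b"constructed-cert-3", "Constructed CA B")]
    return [store.observe(host, der, issuer) for der, issuer in seen]


if __name__ == "__main__":
    print(demo())
```

Against a live server, pass the result of `fetch_leaf(host)` to `PinStore.observe(host, der, issuer)`.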
