On Sun, Jun 24, 2012 at 9:33 PM, Matthias-Christian Ott <[email protected]> wrote:
> On 2012-06-24 22:49, Daniel Kahn Gillmor wrote:
>> That said, i'd like to point out that your concerns about provider
>> control of your persistent address are *exactly* why we need a common
>> naming scheme that doesn't encourage this kind of hierarchy.
>
> For security you don't need to have this. Encryption and authentication
> are performed end-to-end.
>
> As far as I understand it, you can use PageKite with your own X.509
> certificates and with Certificate Patrol this should be pretty good
> security. PageKite can only stop forwarding data, as any other internet
> access provider can. So I don't see a real problem here.

It can be if the user configures it that way. This is not the default (or common case) though, as we had to make some difficult choices between usability and security - most of our current users are web developers who do not share the concerns of the FreedomBox community, they just want a tool to make their jobs easier.

However, if PageKite were used as part of the FreedomBox or a related tool, this (self-signed SSL, end-to-end HTTPS) is how I would recommend configuring it.

The advantage to doing it that way is you could crowd-source the front-ends since as you say, they have no ability to mess with the payload. You definitely don't want to crowd-source relays for unencrypted HTTP though, as malware authors would quickly grab the opportunity to inject exploits into other people's pages.

--
Bjarni R. Einarsson
Founder, lead developer of PageKite.
Make localhost servers visible to the world: https://pagekite.net/

_______________________________________________
Freedombox-discuss mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
