Re: Intent to deprecate: Insecure HTTP

2015-04-16 Thread david . a . p . lloyd
I think that you should avoid making this an exercise in marketing Mozilla's Let's Encrypt initiative. Perhaps that's why Richard took the time to make a comprehensive list of all known sources of free certs, rather than just mentioning LE? Yeah, that's what I thought when I first posted

Re: Intent to deprecate: Insecure HTTP

2015-04-16 Thread david . a . p . lloyd
You're pretty far off in the weeds here. I'll try to help you with some of your misconceptions. I pretty much knew I was. Good luck with the project, I'm looking forward to at least no-passive attack encryption being on-by-default... I hope that you don't get abducted by people in

Re: Intent to deprecate: Insecure HTTP

2015-04-14 Thread david . a . p . lloyd
http://sockpuppet.org/blog/2015/01/15/against-dnssec/ http://sockpuppet.org/stuff/dnssec-qa.html https://www.imperialviolet.org/2015/01/17/notdane.html Yawn - those were all terrible articles. To summarise their points: NSA is bad, some DNS servers are out of date, DNSSEC may be still

Re: Intent to deprecate: Insecure HTTP

2015-04-14 Thread david . a . p . lloyd
realistic idea. Meanwhile, HTTPS exists, is widely deployed, works, and is the focus of this thread. http://www.zdnet.com/article/google-banishes-chinas-main-digital-certificate-authority-cnnic/ Sure it works :)

Re: Intent to deprecate: Insecure HTTP

2015-04-14 Thread david . a . p . lloyd
Something entirely off-topic: I'd like to inform people that your replies to popular threads like this unsigned, with only a notion of identity in an obscure email address, makes me - and I'm sure others too - skip your message or worse; not take it seriously. Not everyone has the luxury

Re: Intent to deprecate: Insecure HTTP

2015-04-14 Thread david . a . p . lloyd
There are already multiple sources of free publicly-trusted certificates, with more on the way. https://www.startssl.com/ https://buy.wosign.com/free/ https://blog.cloudflare.com/introducing-universal-ssl/ https://letsencrypt.org/ I think that you should avoid making this an exercise in

Re: Intent to deprecate: Insecure HTTP

2015-04-14 Thread david . a . p . lloyd
Yep. That's the system working. CA does something they shouldn't, we find out, CA is no longer trusted (perhaps for a time). Or do you have an alternative system design where no-one ever makes a mistake and all the actors are trustworthy? Gerv Yes - as I said previously. Do the existing

Re: Intent to deprecate: Insecure HTTP

2015-04-13 Thread david . a . p . lloyd
2) Protected by subresource integrity from a secure host This would allow website operators to securely serve static assets from non-HTTPS servers without MITM risk, and without breaking transparent caching proxies. Is that a complicated word for SHA512 HASH? :) You could envisage a new

Re: Intent to deprecate: Insecure HTTP

2015-04-13 Thread david . a . p . lloyd
I would politely ask you how many users you think are both interested in, able to understand, and willing to take decisions based on _six_ different security states in a browser? I think this thread is about deprecating things and moving developers onto more secure platforms. To do that,

Re: Intent to deprecate: Insecure HTTP

2015-04-13 Thread david . a . p . lloyd
* If we have to rely, cost of certificates must be zero. These for the simple reason that not everyone is living in a rich industrialized country. Certificates (and paying for them) is an artificial economy. If I register a DNS address, I should get a certificate to go with it. Heck, last