Just for the story about startssl, unlike Confidant Mail which should
use https, I think, despite of the fact that they don't trust it, like
all of us, it's still better than nothing, I have explained several time
here why we could not use https to retrieve the Peersm code.
There was an artifice where the js code was retrieved using https inside
a http page with an additional key mechanism, which of course is of a
little use but still better than nothing again.
Now when it came the time to renew this startssl certificate some months
ago, unfortunately the Peersm site was tagged as infected by Google
safebrowsing during some days, then startssl did not want to renew the
certificate.
I contacted Google safebrowsing's team since it's impossible that the
Peersm site got infected by anything else than the Peersm app code
itself (or Google itself via yt) where I think I know why safebrowsing's
AVs could have possibly detected wrongly a problem, so I asked them to
rescan the site to identify the issue or to confirm to startssl that
there were no problems.
It did not work up to now, then I gave up with the SSL certificate, it
just failed because safebrowsing was wrong and because startssl's
procedures are based on this, they told me that they were obliged to do
so, but at the end that's another kind of censorship because a tool
(safebrowsing) can be wrong, I hope letsencrypt will not reproduce this.
Le 04/02/2015 13:27, CJ a écrit :
On 04/02/15 13:19, Paul Syverson wrote:
On Wed, Feb 04, 2015 at 06:58:28AM +0100, CJ wrote:
On 02/04/2015 06:19 AM, Seth wrote:
On Tue, 03 Feb 2015 20:01:36 -0800, Andrew Roffey <[email protected]>
wrote:
- there is a cost of obtaining HTTPS signatures.
Not certain if the deal is still being offered, but for quite a while
you could get a free TLS/SSL certificate good for one year when
registering or transferring a domain to namecheap.com
Then if you needed to renew it, or just buy more, you could pick them up
for $2/yr just by purchasing another qualifying product, such a year of
whoisguard for $2.88.
Point being, the cost of certificates can be negligible if you know
where to look.
not to mention StartSSL and their free certificates… Well, ok, maybe not
the cleanest and trustworthy thing, but you can still provide the CSR,
meaning you own the key. And they support 4096b with sha2…
See also https://letsencrypt.org/
Let's Encrypt plans to offer free and automatic to set up certificates
from a recognized authority starting in mid-2015. (Not quite ready
yet.) It is backed by EFF, Mozilla, Akamai, Cisco, and Identrust.
-Paul
right — can't wait for this one. In the meanwhile I stick with startssl…
--
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms
--
tor-talk mailing list - [email protected]
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
