On 2014-06-25 10:37, Jason KG4WSV wrote:
>> On Jun 25, 2014, at 9:32 AM, "Eric H. Christensen"
>> <[email protected]> wrote:
>>
>> Unfortunately a self-signed cert can't protect against MITM attacks
>> until that certificate is downloaded (how can you know that you have
>> downloaded the correct cert?). You can get a CA to sign the
>> certificate for around $10 from ssls.com. Also, the cert doesn't
>> support www.xastir.org which can be problematic. I'd also suggest
>> signing the key with at least SHA256 instead of SHA1.
>>
>> Also, it appears that the server supports EXPORT cipher suites. I'd
>> recommend just supporting HIGH ciphers.
>
> Dude, this is protecting a wiki password from spammers; it isn't your
> bank account or anything.

Hmm... I suspect this is all about perception. People expect a certain amount of protection when they see a TLS-secured website. As someone who has to work with all kinds of websites it's important to do things correctly. If not, then why do it at all? Also, this is *not* going to protect you from spammers.

--Eric
