[Noisebridge-discuss] noisebridge.net SSL cert
Leif Ryge
leif at synthesize.us
Tue Feb 2 18:24:08 UTC 2010
On 02/02/2010 09:52 AM, Jason Dusek wrote:
> Noisebridge Ops could publish a certificate authority to add
> to our browsers/systems. Then Ops could issue more certs.
>
> Obviously, a certificate authority is not that useful if it's
> compromised; so we'd have to have policies about who can see
> the private bit and all that. Maybe more trouble then it is
> worth -- and maybe incompatible with the "way of Noisebridge".
>
> --
> Jason Dusek
If NB were to use a cert signed by a CA that isn't in browsers' default
trusted set, we should at least use one which many users have already
added to their browsers themselves - most likely, CAcert.org.
However, we've already paid for a certificate (issued in march, expires
this april) from rapidssl and as a result our SSL works in everyone's
browser without any warnings (except Sai's - wtf? details, please). So,
when this one expires, I think we should renew or buy a new one from
another browser-trusted CA.
I'm no fan of the pay-CA model (it basically boils down to "in dollars
we trust"), but currently it is the only way that we can have SSL on our
wiki and have it work everywhere without security warnings. Encouraging
users to accept those warnings and proceed anyway is bad.
~leif
More information about the Noisebridge-discuss
mailing list