February 21, 2014 Re: https everywhere | ||||
---|---|---|---|---|
| ||||
Posted in reply to Dicebot | On Friday, 21 February 2014 at 20:35:12 UTC, Dicebot wrote:
> On Friday, 21 February 2014 at 20:34:12 UTC, Walter Bright wrote:
>> dlang.org and dconf.org now support https,
>>
>> https://dlang.org
>> https://dconf.org
>>
>> Note that this is a self-signed certificate, and so when you first access it you'll get a dire warning from your browser.
>
> Why can't free startssl certificate be used?
The whole certification principle is about how much you trust who sign the certificate. I trust digital mas much more than startssl.
|
February 21, 2014 Re: https everywhere | ||||
---|---|---|---|---|
| ||||
Posted in reply to Adam Wilson | On Friday, 21 February 2014 at 20:46:05 UTC, Adam Wilson wrote:
> On Fri, 21 Feb 2014 12:40:29 -0800, Walter Bright <newshound2@digitalmars.com> wrote:
>>> Why can't free startssl certificate be used?
>>
>> I never heard of it.
>
> I don't think they allow it for anything other than personal use though.
Nope, they can be used for any purpose. All they do is verify you own the domain in question (not do the more rigorous confirmation of actual identity).
For $59.90 Walter could get a class 2 organization verification for Digital Mars and do code signing so we can get rid of that scary message when people run the installer. We use StartSSL for our code signing and website SSL and are happy with it.
|
February 21, 2014 Re: https everywhere | ||||
---|---|---|---|---|
| ||||
Posted in reply to deadalnix | On Fri, 21 Feb 2014 15:55:02 -0500, deadalnix <deadalnix@gmail.com> wrote:
> On Friday, 21 February 2014 at 20:35:12 UTC, Dicebot wrote:
>> On Friday, 21 February 2014 at 20:34:12 UTC, Walter Bright wrote:
>>> dlang.org and dconf.org now support https,
>>>
>>> https://dlang.org
>>> https://dconf.org
>>>
>>> Note that this is a self-signed certificate, and so when you first access it you'll get a dire warning from your browser.
>>
>> Why can't free startssl certificate be used?
>
> The whole certification principle is about how much you trust who sign the certificate. I trust digital mas much more than startssl.
The problem is not who deadalnix trusts, it's who the browser trusts.
I agree with others here, it should not be self-signed. It should be either unencrypted, or a trusted CA certificate.
-Steve
|
February 21, 2014 Re: https everywhere | ||||
---|---|---|---|---|
| ||||
Posted in reply to deadalnix | On Friday, 21 February 2014 at 20:55:04 UTC, deadalnix wrote:
> On Friday, 21 February 2014 at 20:35:12 UTC, Dicebot wrote:
>> On Friday, 21 February 2014 at 20:34:12 UTC, Walter Bright wrote:
>>> dlang.org and dconf.org now support https,
>>>
>>> https://dlang.org
>>> https://dconf.org
>>>
>>> Note that this is a self-signed certificate, and so when you first access it you'll get a dire warning from your browser.
>>
>> Why can't free startssl certificate be used?
>
> The whole certification principle is about how much you trust who sign the certificate. I trust digital mas much more than startssl.
Wrong. Don't confuse PGP with SSL, latter has nothing to do with trust in its current form.
|
February 21, 2014 Re: https everywhere | ||||
---|---|---|---|---|
| ||||
Posted in reply to Brad Anderson | On 2/21/2014 12:57 PM, Brad Anderson wrote:
> For $59.90 Walter could get a class 2 organization verification for Digital Mars
> and do code signing so we can get rid of that scary message when people run the
> installer. We use StartSSL for our code signing and website SSL and are happy
> with it.
Would that work for all the websites? I.e. digitalmars.com, dlang.org, etc., or would it be a separate charge for each?
|
February 21, 2014 Re: https everywhere | ||||
---|---|---|---|---|
| ||||
Posted in reply to Walter Bright | On Friday, 21 February 2014 at 21:37:39 UTC, Walter Bright wrote:
> On 2/21/2014 12:57 PM, Brad Anderson wrote:
>> For $59.90 Walter could get a class 2 organization verification for Digital Mars
>> and do code signing so we can get rid of that scary message when people run the
>> installer. We use StartSSL for our code signing and website SSL and are happy
>> with it.
>
> Would that work for all the websites? I.e. digitalmars.com, dlang.org, etc., or would it be a separate charge for each?
The one cost and you could cover everything. StartSSL is novel in that all they do is verify your identity then let you generate as many certificates as you want. Most other CAs charge on a per certificate basis. I'm pretty happy with StartSSL apart from their terrible website.
|
February 21, 2014 Re: https everywhere | ||||
---|---|---|---|---|
| ||||
Posted in reply to Walter Bright | On 2/21/14, 12:34 PM, Walter Bright wrote:
> dlang.org and dconf.org now support https,
>
> https://dlang.org
> https://dconf.org
>
> Note that this is a self-signed certificate, and so when you first
> access it you'll get a dire warning from your browser.
At this point I'm just repeating what others have already said, but self-signed is seriously unprofessional. It's worse than not having https from a reputation standpoint.
|
February 21, 2014 Re: https everywhere | ||||
---|---|---|---|---|
| ||||
Posted in reply to Walter Bright | On Friday, 21 February 2014 at 21:37:39 UTC, Walter Bright wrote:
> Would that work for all the websites? I.e. digitalmars.com, dlang.org, etc., or would it be a separate charge for each?
Any certificate is tied to domain or masked domain. Covering both *.digitalmars.com and *.dlang.org with same certificate is impossible.
|
February 21, 2014 Re: https everywhere | ||||
---|---|---|---|---|
| ||||
Posted in reply to Brad Anderson | On 2/21/2014 4:39 PM, Brad Anderson wrote:
> On Friday, 21 February 2014 at 21:37:39 UTC, Walter Bright wrote:
>>
>> Would that work for all the websites? I.e. digitalmars.com, dlang.org,
>> etc., or would it be a separate charge for each?
>
> The one cost and you could cover everything. StartSSL is novel in that
> all they do is verify your identity then let you generate as many
> certificates as you want. Most other CAs charge on a per certificate
> basis. I'm pretty happy with StartSSL apart from their terrible website.
This is true (I do it on my server, hosting a couple domains ATM).
However, unless they've changed it since I last looked, you can't do subdomains (other than www.*) with their free cert.
|
February 21, 2014 Re: https everywhere | ||||
---|---|---|---|---|
| ||||
Posted in reply to Brad Anderson | On 2/21/2014 3:57 PM, Brad Anderson wrote:
>
> For $59.90 Walter could get a class 2 organization verification for
> Digital Mars and do code signing so we can get rid of that scary message
> when people run the installer. We use StartSSL for our code signing and
> website SSL and are happy with it.
I think it's pretty much standard practice in the Windows world to ignore that warning. I've seen very little software that does bother with that code signing.
|
Copyright © 1999-2021 by the D Language Foundation