https everywhere (page 3)

On 2/21/2014 3:55 PM, deadalnix wrote: > On Friday, 21 February 2014 at 20:35:12 UTC, Dicebot wrote: >> On Friday, 21 February 2014 at 20:34:12 UTC, Walter Bright wrote: >>> dlang.org and dconf.org now support https, >>> >>> https://dlang.org >>> https://dconf.org >>> >>> Note that this is a self-signed certificate, and so when you first >>> access it you'll get a dire warning from your browser. >> >> Why can't free startssl certificate be used? > > The whole certification principle is about how much you trust who sign > the certificate. I trust digital mas much more than startssl. Self-signed certs *can't* be trusted to be from the party they claim to be from. Anyone can generate a self-signed cert claiming to be Digital Mars.

On Friday, 21 February 2014 at 21:50:21 UTC, Nick Sabalausky wrote: > On 2/21/2014 3:57 PM, Brad Anderson wrote: >> >> For $59.90 Walter could get a class 2 organization verification for >> Digital Mars and do code signing so we can get rid of that scary message >> when people run the installer. We use StartSSL for our code signing and >> website SSL and are happy with it. > > I think it's pretty much standard practice in the Windows world to ignore that warning. I've seen very little software that does bother with that code signing. I think it's ignored by users like you and I but at my work we'd get worried calls from our customers thinking our installer was unsafe so we ended up adding code signing.

On Friday, 21 February 2014 at 21:44:19 UTC, Dicebot wrote: > On Friday, 21 February 2014 at 21:37:39 UTC, Walter Bright wrote: >> Would that work for all the websites? I.e. digitalmars.com, dlang.org, etc., or would it be a separate charge for each? > > Any certificate is tied to domain or masked domain. Covering both *.digitalmars.com and *.dlang.org with same certificate is impossible. This doesn't apply because StartSSL lets you create as many certificates as you want.

On Friday, 21 February 2014 at 22:52:46 UTC, Brad Anderson wrote: > On Friday, 21 February 2014 at 21:44:19 UTC, Dicebot wrote: >> On Friday, 21 February 2014 at 21:37:39 UTC, Walter Bright wrote: >>> Would that work for all the websites? I.e. digitalmars.com, dlang.org, etc., or would it be a separate charge for each? >> >> Any certificate is tied to domain or masked domain. Covering both *.digitalmars.com and *.dlang.org with same certificate is impossible. > > This doesn't apply because StartSSL lets you create as many certificates as you want. Yes, of course, but it won't be the same certificate. Walters question was about paid verified certificates.

On 2/21/14, 3:35 PM, Dicebot wrote: > On Friday, 21 February 2014 at 20:34:12 UTC, Walter Bright wrote: >> dlang.org and dconf.org now support https, >> >> https://dlang.org >> https://dconf.org >> >> Note that this is a self-signed certificate, and so when you first >> access it you'll get a dire warning from your browser. > > Why can't free startssl certificate be used? We could use a Free StartSSL certificate if that gives any benefit over a self-signed certificate.

On 2/21/14, 3:43 PM, Adam Wilson wrote: > On Fri, 21 Feb 2014 12:42:10 -0800, Dicebot <public@dicebot.lv> wrote: > >> On Friday, 21 February 2014 at 20:39:28 UTC, Adam Wilson wrote: >>> It probably has to do with the fact that the NSA owns every Root >>> Signing Key in the world. >> >> And how it is relevant? Not like we are speaking about security here - >> nothing sensitive is transferred from dlang.org; using self-signed >> certificates for public pages is just weird. > > I agree, it's not exactly welcoming due to how browsers handle them. > Read what the browser says. Look at the information the browser displays the certificate. What then is the problem???

On 2/21/14, 3:40 PM, Walter Bright wrote: > On 2/21/2014 12:35 PM, Dicebot wrote: >> On Friday, 21 February 2014 at 20:34:12 UTC, Walter Bright wrote: >>> dlang.org and dconf.org now support https, >>> >>> https://dlang.org >>> https://dconf.org >>> >>> Note that this is a self-signed certificate, and so when you first >>> access it >>> you'll get a dire warning from your browser. >> >> Why can't free startssl certificate be used? > > I never heard of it. Neither have I... I know there is www.cacert.org but as far as I know their certs are still not integrated in the browser SSL store.

On 2/21/14, 3:55 PM, deadalnix wrote: > On Friday, 21 February 2014 at 20:35:12 UTC, Dicebot wrote: >> On Friday, 21 February 2014 at 20:34:12 UTC, Walter Bright wrote: >>> dlang.org and dconf.org now support https, >>> >>> https://dlang.org >>> https://dconf.org >>> >>> Note that this is a self-signed certificate, and so when you first >>> access it you'll get a dire warning from your browser. >> >> Why can't free startssl certificate be used? > > The whole certification principle is about how much you trust who sign > the certificate. I trust digital mas much more than startssl. :-)

February 21, 2014

Re: https everywhere

Posted by Brad Anderson
in reply to Dicebot

Permalink

Brad Anderson

Posted in reply to Dicebot

Permalink

On Friday, 21 February 2014 at 22:59:39 UTC, Dicebot wrote:
> On Friday, 21 February 2014 at 22:52:46 UTC, Brad Anderson wrote:
>> On Friday, 21 February 2014 at 21:44:19 UTC, Dicebot wrote:
>>> On Friday, 21 February 2014 at 21:37:39 UTC, Walter Bright wrote:
>>>> Would that work for all the websites? I.e. digitalmars.com, dlang.org, etc., or would it be a separate charge for each?
>>>
>>> Any certificate is tied to domain or masked domain. Covering both *.digitalmars.com and *.dlang.org with same certificate is impossible.
>>
>> This doesn't apply because StartSSL lets you create as many certificates as you want.
>
> Yes, of course, but it won't be the same certificate. Walters question was about paid verified certificates.

Walter's question is about whether the paid StartSSL verification I mentioned would let him cover all of those things for a single price (which it would). Not about whether a single certificate could be made to cover all of those things.

On Friday, 21 February 2014 at 23:12:32 UTC, Brad Anderson wrote: > Walter's question is about whether the paid StartSSL verification I mentioned would let him cover all of those things for a single price (which it would). Not about whether a single certificate could be made to cover all of those things. Then please disregard my obviously wrong answer :)

Forums