HTTPS Everywhere: Encryption for All WordPress.com Sites
-
-
@aaronstuder said:
@tonyshowoff said:
@aaronstuder Thank you
Any warnings?
No, not in Chrome, IE, Opera, or Firefox (as presumed). This is great! But my criticism above stands when it comes to independent authorities and my criticism of the sign-monster coming on board in the first place without a free option available back then. I really hope this makes a big dent in the absolute scam that is the signed certificate industry.
The only criticism I do have is that they do not support wild card and apparently don't plan to anytime soon, according to community posts I found (granted from months ago). Until wildcard is supported, Versign, Thawt, etc will continue to just exploit the hell out of people. Having said that, this is a great start. There was that one SSL service which provided "free" SSL for years now, but it's a pain in the ass to setup, and their site basically wants you to be an expert to avoid having to pay.
Great start, wonderful
-
@tonyshowoff I agree. Wildcard support would be excellent, but the price is right Remember that you can generate more then one. (domain.com, mail.domain.com, owncloud.domain.com, etc)
-
@aaronstuder said:
@tonyshowoff I agree. Wildcard support would be excellent, but the price is right Remember that you can generate more then one. (domain.com, mail.domain.com, owncloud.domain.com, etc)
Indeed, like I said, great start, if nothing else hopefully it will cause the prices in wildcards to drop due to fears of people leaving their current issuers.
-
The problem with free is someone has to pay for the servers that support it. I'm really glad that the EFF has decided to do Let's Encrypt - something that took them well over a year after they first announced it before it was working.
To boot strap themselves, they have their root certificate signed by someone that most if not all browsers already trusted until they get their own root cert accepted by most if not all browsers directly.
-
@Dashrender said:
The problem with free is someone has to pay for the servers that support it. I'm really glad that the EFF has decided to do Let's Encrypt - something that took them well over a year after they first announced it before it was working.
It's not that expensive though overall. The cost of servers and bandwidth is lower than ever (and will continue to drop, as per Moore's Law and the bandwidth equivalent). Issuers rarely ever use this as a point for arguing the costs, they claim it's for the insurance in case of certificate failure. Of course, this is total nonsense, it's not the certificates which fail, it's the protocols/software/etc and those are not included in their "insurance" policies.
Versign, Thawt, etc have collected tens of billions of dollars in fees for something that would cost several thousand a year to host, but how much have they given out in insurance? I know of none at all in the last 20 years.
They know this, so it's why the entry into it is so high to become an authority. Basically all the arguments they use are the same ones the early registrars used for their pricing. And as we know now, the cost of a domain is extremely tiny and chaos did not ensure when prices dropped, aside from the lack of rules regarding squatters.
-
Frankly, I'm frustrated that ICANN has allows so many registrars and SSL cert providers. There are over 1400 CAs trusted by Windows in 2010.
Any one of those CAs can be compromised and their root cert used to sign fake certs for any site on the internet, instantly having Windows trust those certs.
The whole security model on the internet is just broken. We don't have secure DNS or reliable Certificate Pinning.
-
@Dashrender said:
Frankly, I'm frustrated that ICANN has allows so many registrars and SSL cert providers. There are over 1400 CAs trusted by Windows in 2010.
Any one of those CAs can be compromised and their root cert used to sign fake certs for any site on the internet, instantly having Windows trust those certs.
The whole security model on the internet is just broken. We don't have secure DNS or reliable Certificate Pinning.
It would be a monopoly if they didn't make it basically open. Or monopoly-ish. Not an open market.
-
@Dashrender said:
The whole security model on the internet is just broken. We don't have secure DNS or reliable Certificate Pinning.
The Internet doesn't have a security model.
-
@scottalanmiller said:
@Dashrender said:
Frankly, I'm frustrated that ICANN has allows so many registrars and SSL cert providers. There are over 1400 CAs trusted by Windows in 2010.
Any one of those CAs can be compromised and their root cert used to sign fake certs for any site on the internet, instantly having Windows trust those certs.
The whole security model on the internet is just broken. We don't have secure DNS or reliable Certificate Pinning.
It would be a monopoly if they didn't make it basically open. Or monopoly-ish. Not an open market.
Frankly, in this case, a monopoly, like you want for healthcare, seems like the better play. The fees should either be free or extremely low, only enough to handle the costs of administration and hardware required.
-
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
Frankly, I'm frustrated that ICANN has allows so many registrars and SSL cert providers. There are over 1400 CAs trusted by Windows in 2010.
Any one of those CAs can be compromised and their root cert used to sign fake certs for any site on the internet, instantly having Windows trust those certs.
The whole security model on the internet is just broken. We don't have secure DNS or reliable Certificate Pinning.
It would be a monopoly if they didn't make it basically open. Or monopoly-ish. Not an open market.
Frankly, in this case, a monopoly, like you want for healthcare, seems like the better play. The fees should either be free or extremely low, only enough to handle the costs of administration and hardware required.
Universal coverage does not imply monopolistic treatment. Further, most countries with universal health coverage also have private systems too.
-
@tonyshowoff said:
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
Frankly, I'm frustrated that ICANN has allows so many registrars and SSL cert providers. There are over 1400 CAs trusted by Windows in 2010.
Any one of those CAs can be compromised and their root cert used to sign fake certs for any site on the internet, instantly having Windows trust those certs.
The whole security model on the internet is just broken. We don't have secure DNS or reliable Certificate Pinning.
It would be a monopoly if they didn't make it basically open. Or monopoly-ish. Not an open market.
Frankly, in this case, a monopoly, like you want for healthcare, seems like the better play. The fees should either be free or extremely low, only enough to handle the costs of administration and hardware required.
Universal coverage does not imply monopolistic treatment. Further, most countries with universal health coverage also have private systems too.
Like Panama... good healthcare for free or suckers can pay for private American healthcare from Johns Hopkins.
-
@scottalanmiller said:
@tonyshowoff said:
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
Frankly, I'm frustrated that ICANN has allows so many registrars and SSL cert providers. There are over 1400 CAs trusted by Windows in 2010.
Any one of those CAs can be compromised and their root cert used to sign fake certs for any site on the internet, instantly having Windows trust those certs.
The whole security model on the internet is just broken. We don't have secure DNS or reliable Certificate Pinning.
It would be a monopoly if they didn't make it basically open. Or monopoly-ish. Not an open market.
Frankly, in this case, a monopoly, like you want for healthcare, seems like the better play. The fees should either be free or extremely low, only enough to handle the costs of administration and hardware required.
Universal coverage does not imply monopolistic treatment. Further, most countries with universal health coverage also have private systems too.
Like Panama... good healthcare for free or suckers can pay for private American healthcare from Johns Hopkins.
Or Bosnia, the only place I know of where the "free" is way worse than private to an insane degree, and that's because of a war so at least that's an excuse.
-
@tonyshowoff said:
@scottalanmiller said:
@tonyshowoff said:
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
Frankly, I'm frustrated that ICANN has allows so many registrars and SSL cert providers. There are over 1400 CAs trusted by Windows in 2010.
Any one of those CAs can be compromised and their root cert used to sign fake certs for any site on the internet, instantly having Windows trust those certs.
The whole security model on the internet is just broken. We don't have secure DNS or reliable Certificate Pinning.
It would be a monopoly if they didn't make it basically open. Or monopoly-ish. Not an open market.
Frankly, in this case, a monopoly, like you want for healthcare, seems like the better play. The fees should either be free or extremely low, only enough to handle the costs of administration and hardware required.
Universal coverage does not imply monopolistic treatment. Further, most countries with universal health coverage also have private systems too.
Like Panama... good healthcare for free or suckers can pay for private American healthcare from Johns Hopkins.
Or Bosnia, the only place I know of where the "free" is way worse than private to an insane degree, and that's because of a war so at least that's an excuse.
Johns Hopkins is the hospital that thought that nut job who thinks the pyramids were grain stores and all kinds of whacky things led their surgical department. You'd have to be insane to get treated at a hospital letting crazies like that even work there let alone run departments.
(Working there as a janitor would be okay, just not in healthcare portions of the business.)
That's the kind of hospital that removes your spleen because "if God wanted you to have it, he'd not have made it make you sick." Those people scare me.