discuss AT lists.opennicproject.org
Subject: Discuss mailing list
List archive
- From: Amunak <amunak AT amunak.net>
- To: discuss AT lists.opennicproject.org
- Subject: [opennic-discuss] SSL Certificate and CACert
- Date: Tue, 11 Feb 2014 19:22:27 +0100
Hello,
so we now use an SSL certificate for accessing the whitelist API. Yesterday we've discussed a few things on IRC. Firstly, this is not enough. Since both the member and wiki login pages aren't using SSL, the API key is not very secure. But I've heard that when the infrastructure is ready, at least those log-ins, or preferably all the sites, will be using SSL.
There are certain options of obtaining free signed certificates from trusted CAs - mainly StartSSL (just general free yearly cert) and GlobalSign (they offer free certs for open source projects - OpenNIC may not be eligible though). But it seems that we would go our way - having own CA and pushing it to clients. That's when I suggested CACert.
I feel that both our and CACert community would greatly benefit from supporting each other. We have similar goals and thinking - we want open, uncensored internet (or call it just DNS), and they want community-driven certificates without fees to corporations. In my opinion it would be much better to push for one unified, "open" CA instead of making another "incompatible" one.
What do you think?
-- amunak
- [opennic-discuss] SSL Certificate and CACert, Amunak, 02/11/2014
- Re: [opennic-discuss] SSL Certificate and CACert, Calum McAlinden, 02/11/2014
Archive powered by MHonArc 2.6.19.