Discuss mailing list

[Amrit Panesar <apanesar AT 4195tech.com>]

On 5/30/2012 4:19 PM, opennic AT lewman.us wrote:
> On Wed, 30 May 2012 16:59:38 -0500
> Jamyn Shanley <jshanley AT gmail.com> wrote:
>> I didn't say it was self-signed, I said CAcert certificates are not
>> recognized by most browsers.
>> It is not a good idea for a registrar to have warnings presented on
>> their SSL pages by default.
> I'm having a hard time with this logic. To me, by this logic it means
> that you shouldn't be registering non-ICANN approved domains either.
> 99.99% of the dns clients out there won't understand the opennic
> domains.

I think the issue is that in order to get a more polished registration
pathway, not only should it be required to have a ssl certificate, but
it should be by a trusted authority.

Facts are that red warning screens tend to scare shy users off, or at
least to the laymen, something broken.

Something we can do with the OpenNIC installer is add/register the
CACert Certificate Authority on the client's system.

IMO this is a compromise, encryption should be mandatory for handling
any private information.
It would be better if there were free, trusted, ssl certs for everyone.
(see: http://www.comodo.com/)
I'm not sure if Comodo (or any other SSL service) will accept a CSR for
a non-ICANN TLD, it's worth a shot if anyone has a few spare minutes.

Again, I will be implementing the highest security and safety measures
when the .neo domain registration facility goes live.
We can update the OpenNIC installer to give an option for installing the
CACert CA, this will cause less confusion then having the user jump
through these warning dialogs. (or preventing chrome users from working
at all!)

-- 
Amrit Panesar
OpeNIC .Neo Administrator
[ @neo_desktop ]