Discuss mailing list

[Caleb Langeslag <takyoji AT gmail.com>]

A few options:

 - StartCom certs for free with Level 1 validation (for non-OpenNIC domains)

 - Create our own CA

However, note, the CA system has been showing signs of it's flaws over the years, and therefore there's a project called Convergence which generally throws out the concept of Certificate Authorities was created, and was written by a security research that has plenty of experience in finding vulnerabilities in SSL/TLS implementations (as well as relevant proof-of-concept exploitation tools).

If you install the Convergence plugin today, you'll notice that CACert-signed certificates or EVEN self-signed certificates will be trusted. However, when someone tries a man-in-the-middle attack, you'll notice that you get a certificate error. The way this works is that Convergence works in a network "notaries" across the Internet which check what certificate they get when they load a website, and if what you get differs from the notaries, then it's a sign of a MitM attack.

So, either we can continue focus on developing our own CA; or, help bring awareness of a rather sound Certificate Authority alternative. Or both.

On Thu, May 31, 2012 at 10:19 AM, Daniel L <daniel.leek AT me.com> wrote:

Not all of us are adults ;). 

But yes, i agree with your point. I hate it when people get offended by words.

On 01/06/2012, at 1:15 AM, Alex Hanselka wrote:

Hi guys!

Let me start by saying, lets all try to get over our distaste of certain words. They are only powerful if you give them meaning. I hear much worse and am called MUCH worse than the word used earlier on the this ML.  Basically, I would appreciate it if everyone were to not be upset by words, especially when they aren't directly hateful towards some individual.  In this case "All fuckin' talk" was used as an adjective, not a pejorative against anyone.  Since we are all about free speech, I am not about to say what words we can and cannot use on this mailing list. Even if I did, someone else would start to host it anyway :).  We are all adults (or at least mature enough) and can handle some "bad words."  Let's try to be respectful though!

Also, OpenNICs goal is to eventually be "mainstream use."  However, that is a long road away, in my eyes.  While we are constantly working to improve OpenNIC, but things take time. There are many projects that are more well established as well.  We can look at projects like Fedora Linux for instance, which is volunteer but funded by Red Hat, the largest Linux distributor in the world.  Really, we can look at any of the major linux distros which have a MASSIVE amount of support and usually a lot of monetary support from various other organizations.  

OpenNIC on the other hand has ZERO monetary support and a relatively small volunteer base (Thats us!).  It is a lot easier to get things done when they aren't expensive and you can afford to spend more time on it.  

That being said, OpenNIC will eventually become great. However, things take time and I encourage everyone not to be too impatient.  Feel free to prod once in a while if you feel things aren't getting done, but also accept that sometimes you're just going to have to take someones word that they are working as hard as they can. 

As for a Cert Authority for OpenNIC, that sounds like a good idea! However, I'd ask that we wait a bit before we get too far into that. 

Bottom line (also, TL;DR): Please be respectful, try not to be offended by words, be patient with progress, and have fun.  While it would be nice to have widespread adoption, I'd still like us to have fun doing this. If it gets boring or becomes a chore, thats when a project falls apart.

Please contact me with any issues you have. I assure you I *will* deal with them to the best of my ability :)

---

Alex Hanselka

alex AT opennicproject.org