Discuss mailing list

[Amunak <amunak AT amunak.net>]

Hello,
so we now use an SSL certificate for accessing the whitelist API. 
Yesterday we've discussed a few things on IRC. Firstly, this is not 
enough. Since both the member and wiki login pages aren't using SSL, the 
API key is not very secure. But I've heard that when the infrastructure 
is ready, at least those log-ins, or preferably all the sites, will be 
using SSL.

There are certain options of obtaining free signed certificates from 
trusted CAs - mainly StartSSL (just general free yearly cert) and 
GlobalSign (they offer free certs for open source projects - OpenNIC may 
not be eligible though). But it seems that we would go our way - having 
own CA and pushing it to clients. That's when I suggested CACert.

I feel that both our and CACert community would greatly benefit from 
supporting each other. We have similar goals and thinking - we want 
open, uncensored internet (or call it just DNS), and they want 
community-driven certificates without fees to corporations. In my 
opinion it would be much better to push for one unified, "open" CA 
instead of making another "incompatible" one.

What do you think?

-- amunak