discuss AT lists.opennicproject.org
Subject: Discuss mailing list
List archive
- From: imsys <imsys AT riseup.net>
- To: discuss AT lists.opennicproject.org
- Subject: [opennic-discuss] Please, enable HTTPS on every website you can!
- Date: Mon, 07 Apr 2014 21:52:25 -0300
Hi everyone,
In OpenNIC main page, opennicproject.org / opennic.glue, it says
"Protect Your Privacy". Great! I know the awesome work OpenNIC does. And
guess what? We can improve! :)
We could enable HTTPS on every page we could.
Mainly grep.geek, search.geek and all the domain registration websites,
like reg.for.free
Why?
1 - Anyone can set up a sniffer to get the data that goes via HTTP. The
attacker can get all form data too, like a username and password!!!!
http://reg.for.free/login/
HTTP is very insecure for login/registration.
2 - Some ISPs use Transparent Proxies to cache websites to save a lot of
bandwidth, but they can only do that to HTTP! SSL/TLS connections are
made directly with the website.
My ISP in Brazil do have a transparent proxy that makes me unable to
access OpenNIC HTTP websites. Fortunately I work in this ISP and I can
have a voice in the decisions. But other people may not be that lucky,
so enabling HTTPS will also help some people who are behind a proxy.
I know OpenNIC project has so many domains and probably most of us do
not want to spend money with certificates, but I think it's complete
fine to we use self-signed certificates.
For some domains we could try startssl that gives free certificates. But
they only allow 1 subdomain, and I don't know if they would accept a
OpenNIC TLDs.
Cheers! :)
imsys
- [opennic-discuss] Please, enable HTTPS on every website you can!, imsys, 04/07/2014
- Re: [opennic-discuss] Please, enable HTTPS on every website you can!, Jeff Taylor, 04/07/2014
- Re: [opennic-discuss] Please, enable HTTPS on every website you can!, Alex Hanselka, 04/07/2014
- Re: [opennic-discuss] Please, enable HTTPS on every website you can!, Simon, 04/08/2014
- Re: [opennic-discuss] Please, enable HTTPS on every website you can!, Coyo, 04/08/2014
- Re: [opennic-discuss] Please, enable HTTPS on every website you can!, Calum McAlinden, 04/08/2014
- Re: [opennic-discuss] Please, enable HTTPS on every website you can!, Coyo, 04/08/2014
- Re: [opennic-discuss] Please, enable HTTPS on every website you can!, Coyo, 04/08/2014
- Re: [opennic-discuss] Please, enable HTTPS on every website you can!, Daniel Quintiliani, 04/08/2014
- Re: [opennic-discuss] Please, enable HTTPS on every website you can!, Coyo, 04/08/2014
- Re: [opennic-discuss] Please, enable HTTPS on every website you can!, Daniel Quintiliani, 04/08/2014
- Re: [opennic-discuss] Please, enable HTTPS on every website you can!, Coyo, 04/08/2014
- Re: [opennic-discuss] Please, enable HTTPS on every website you can!, Calum McAlinden, 04/08/2014
- Re: [opennic-discuss] Please, enable HTTPS on every website you can!, Coyo, 04/08/2014
- Re: [opennic-discuss] Please, enable HTTPS on every website you can!, Jeff Taylor, 04/07/2014
Archive powered by MHonArc 2.6.19.