Discuss mailing list

[imsys <imsys AT riseup.net>]

Hi everyone,

In OpenNIC main page, opennicproject.org / opennic.glue, it says
"Protect Your Privacy". Great! I know the awesome work OpenNIC does. And
guess what? We can improve! :)

We could enable HTTPS on every page we could.

Mainly grep.geek, search.geek and all the domain registration websites,
like reg.for.free

Why?

1 - Anyone can set up a sniffer to get the data that goes via HTTP. The
attacker can get all form data too, like a username and password!!!!
http://reg.for.free/login/
 HTTP is very insecure for login/registration.

2 - Some ISPs use Transparent Proxies to cache websites to save a lot of
bandwidth, but they can only do that to HTTP! SSL/TLS connections are
made directly with the website.
My ISP in Brazil do have a transparent proxy that makes me unable to
access OpenNIC HTTP websites. Fortunately I work in this ISP and I can
have a voice in the decisions. But other people may not be that lucky,
so enabling HTTPS will also help some people who are behind a proxy.


I know OpenNIC project has so many domains and probably most of us do
not want to spend money with certificates, but I think it's complete
fine to we use self-signed certificates.

For some domains we could try startssl that gives free certificates. But
they only allow 1 subdomain, and I don't know if they would accept a
OpenNIC TLDs.

Cheers! :)

imsys