Skip to Content.
Sympa Menu

discuss - Re: [opennic-discuss] Please, enable HTTPS on every website you can!

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

List archive

Re: [opennic-discuss] Please, enable HTTPS on every website you can!


Chronological Thread 
  • From: Jeff Taylor <shdwdrgn AT sourpuss.net>
  • To: discuss AT lists.opennicproject.org
  • Subject: Re: [opennic-discuss] Please, enable HTTPS on every website you can!
  • Date: Mon, 07 Apr 2014 20:17:13 -0600

This has actually been discussed already, and Julian has been looking into certs for some of the main sites.  Since this is a non-profit project and we don't really have much money to put towards such thing, we have discussed such options as cacert (which of course requires you to install their keys on your computer, but is just as secure as any other SSL cert).  Would you have any other suggestions?

Of course pages such as the members site and domain registrations are all under consideration for moving to https.  I hadn't considered the search engines, but I can see your point for including those too.


On 04/07/2014 06:52 PM, imsys wrote:
Hi everyone,

In OpenNIC main page, opennicproject.org / opennic.glue, it says
"Protect Your Privacy". Great! I know the awesome work OpenNIC does. And
guess what? We can improve! :)

We could enable HTTPS on every page we could.

Mainly grep.geek, search.geek and all the domain registration websites,
like reg.for.free

Why?

1 - Anyone can set up a sniffer to get the data that goes via HTTP. The
attacker can get all form data too, like a username and password!!!!
http://reg.for.free/login/
 HTTP is very insecure for login/registration.

2 - Some ISPs use Transparent Proxies to cache websites to save a lot of
bandwidth, but they can only do that to HTTP! SSL/TLS connections are
made directly with the website.
My ISP in Brazil do have a transparent proxy that makes me unable to
access OpenNIC HTTP websites. Fortunately I work in this ISP and I can
have a voice in the decisions. But other people may not be that lucky,
so enabling HTTPS will also help some people who are behind a proxy.


I know OpenNIC project has so many domains and probably most of us do
not want to spend money with certificates, but I think it's complete
fine to we use self-signed certificates.

For some domains we could try startssl that gives free certificates. But
they only allow 1 subdomain, and I don't know if they would accept a
OpenNIC TLDs.

Cheers! :)

imsys



--------
You are a member of the OpenNIC Discuss list. 
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org




Archive powered by MHonArc 2.6.19.

Top of Page