discuss AT lists.opennicproject.org
Subject: Discuss mailing list
List archive
- From: Jeff Taylor <shdwdrgn AT sourpuss.net>
- To: discuss AT lists.opennicproject.org
- Subject: Re: [opennic-discuss] Please, enable HTTPS on every website you can!
- Date: Mon, 07 Apr 2014 20:17:13 -0600
|
This has actually been discussed already, and Julian has been
looking into certs for some of the main sites. Since this is a
non-profit project and we don't really have much money to put
towards such thing, we have discussed such options as cacert (which
of course requires you to install their keys on your computer, but
is just as secure as any other SSL cert). Would you have any other
suggestions? Of course pages such as the members site and domain registrations are all under consideration for moving to https. I hadn't considered the search engines, but I can see your point for including those too. On 04/07/2014 06:52 PM, imsys wrote:
Hi everyone, In OpenNIC main page, opennicproject.org / opennic.glue, it says "Protect Your Privacy". Great! I know the awesome work OpenNIC does. And guess what? We can improve! :) We could enable HTTPS on every page we could. Mainly grep.geek, search.geek and all the domain registration websites, like reg.for.free Why? 1 - Anyone can set up a sniffer to get the data that goes via HTTP. The attacker can get all form data too, like a username and password!!!! http://reg.for.free/login/ HTTP is very insecure for login/registration. 2 - Some ISPs use Transparent Proxies to cache websites to save a lot of bandwidth, but they can only do that to HTTP! SSL/TLS connections are made directly with the website. My ISP in Brazil do have a transparent proxy that makes me unable to access OpenNIC HTTP websites. Fortunately I work in this ISP and I can have a voice in the decisions. But other people may not be that lucky, so enabling HTTPS will also help some people who are behind a proxy. I know OpenNIC project has so many domains and probably most of us do not want to spend money with certificates, but I think it's complete fine to we use self-signed certificates. For some domains we could try startssl that gives free certificates. But they only allow 1 subdomain, and I don't know if they would accept a OpenNIC TLDs. Cheers! :) imsys |
- [opennic-discuss] Please, enable HTTPS on every website you can!, imsys, 04/07/2014
- Re: [opennic-discuss] Please, enable HTTPS on every website you can!, Jeff Taylor, 04/07/2014
- Re: [opennic-discuss] Please, enable HTTPS on every website you can!, Alex Hanselka, 04/07/2014
- Re: [opennic-discuss] Please, enable HTTPS on every website you can!, Simon, 04/08/2014
- Re: [opennic-discuss] Please, enable HTTPS on every website you can!, Coyo, 04/08/2014
- Re: [opennic-discuss] Please, enable HTTPS on every website you can!, Calum McAlinden, 04/08/2014
- Re: [opennic-discuss] Please, enable HTTPS on every website you can!, Coyo, 04/08/2014
- Re: [opennic-discuss] Please, enable HTTPS on every website you can!, Coyo, 04/08/2014
- Re: [opennic-discuss] Please, enable HTTPS on every website you can!, Daniel Quintiliani, 04/08/2014
- Re: [opennic-discuss] Please, enable HTTPS on every website you can!, Coyo, 04/08/2014
- Re: [opennic-discuss] Please, enable HTTPS on every website you can!, Daniel Quintiliani, 04/08/2014
- Re: [opennic-discuss] Please, enable HTTPS on every website you can!, Jeff Taylor, 04/08/2014
- Re: [opennic-discuss] Please, enable HTTPS on every website you can!, Daniel Quintiliani, 04/08/2014
- Re: [opennic-discuss] Please, enable HTTPS on every website you can!, Coyo, 04/08/2014
- Re: [opennic-discuss] Please, enable HTTPS on every website you can!, Calum McAlinden, 04/08/2014
- Re: [opennic-discuss] Please, enable HTTPS on every website you can!, Coyo, 04/08/2014
- Re: [opennic-discuss] Please, enable HTTPS on every website you can!, Jeff Taylor, 04/07/2014
Archive powered by MHonArc 2.6.19.