Discuss mailing list

[fr33domlover <fr33domlover AT riseup.net>]

On 2014-10-20
"Calum McAlinden" <calum AT mcalinden.me.uk> wrote:

> On 20 October 2014 18:22, BlockAid DNS <webmaster AT blockaid.me> wrote:
> > I used StartSSL at the moment and I didn't find their identity requests‎ 
> > to
> > be extreme. I have level 2 validation for my company and StartSSL
> > technically enables me to create an unlimited amount of certificates for
> > websites we own. I don't think, in the circumstances, what they ask for is
> > overboard.
> 
> I agree, all my experiences with them have been good - maybe I
> shouldn't read into particular reviews too much.
> 
> Anyone had any advances with SSL certs for OpenNIC domains?



I have (or had, it stops working very frequently because I use reg.for.free's
own nameservers and not my own) the domain

partager.null

for which I made my own locally managed CA and certificates for all the
subdomains. Works like a charm. You just need to instruct people to install
your CA cert, but that is ridiculously simple. For example this website does 
it
too:

http://www.inventati.org/en/ca/index.html

Trust between computers should be based on trust between their users... even a
real person with a real address can be a scammer, but that wouldn't stop
StartSSL et al. from giving a certificate to such a person.

There's also MonkeySphere which allows certs to be validated using GPG trust,
in case you're looking for a brighter future... ;-)

Anyway, self managed CAs for small everyone-knows-everyone groups are 
reliable,
very easy to manage and without funny paperwork and privacy issues.



---
fr33domlover         <http://www.rel4tion.org/people/fr33domlover>
GPG key ID:          63E5E57D (size: 4096)
GPG key fingerprint: 6FEE C222 7323 EF85 A49D  5487 5252 C5C8 63E5 E57D

Attachment: signature.asc
Description: PGP signature