
discuss - Re: [opennic-discuss] Browser extension

discuss AT lists.opennicproject.org

Subject: Discuss mailing list


Re: [opennic-discuss] Browser extension


  • From: Daniel Shirley <aditaa05 AT gmail.com>
  • To: discuss AT lists.opennicproject.org
  • Subject: Re: [opennic-discuss] Browser extension
  • Date: Wed, 20 Sep 2017 08:37:14 -0500

The CA is in the testing phase (that's why there has not been an email and very little documentation), but when I get all the services up and running and it passes the security checks, I will send out an email and documentation.

On Wed, Sep 20, 2017 at 1:25 AM, Al Beano <albino AT autistici.org> wrote:
Hi,

OpenNIC already has a CA: aditaa is working on it. Right now it's only for .libre, though.

Makes sense to avoid fragmentation here.

albino

On 20 September 2017 07:20:03 BST, "Dmitry S. Nikolaev" <dn AT mega-net.ru> wrote:
>Found this:
>
>> The Dogtag *Certificate System* is an enterprise-class *open
>> source* Certificate Authority
>> <http://pki.fedoraproject.org/wiki/PKI_Architecture#Certificate_Authority>
>> (CA).
>
>http://pki.fedoraproject.org/wiki/PKI_Main_Page
>
>
>With best regards, Dmitry S. Nikolaev
>virus_net
>
>On 20.09.2017 08:43, Dmitry S. Nikolaev wrote:
>>
>> Hi.
>>
>> My investigation result: the best way (and the only way, in my
>> opinion) - OpenNIC needs its own CA and users need to install the CA
>> cert into their browsers.
>> An example of this is Webmoney, with their auth with their own SSL cert.
>>
>> I will think about it later, maybe I can do a CA with a web-iface to
>> obtain certs. It's not an easy question but I can give it a try.
>>
>> With best regards, Dmitry S. Nikolaev
>> virus_net
>> On 18.09.2017 06:50, Dmitry S. Nikolaev wrote:
>>>
>>> Hi.
>>>
>>> About option 1: I can't say anything yet because I need to
>>> investigate by myself too.
>>>
>>> About option 2: I can say that you are right and OpenNIC needs
>>> something like startssl.com. Its own CA with a web-iface to obtain
>>> SSL certs for OpenNIC users and domains.
>>> A proxy may be an option but we still need to think about other ways.
>>>
>>> With best regards, Dmitry S. Nikolaev
>>>
>>> Moscow, Russia
>>> phone: +7 (499) 678 8007 [ext. 6003]
>>> fax: +7 (499) 678 8007 [ext. 7777]
>>> www: http://www.mega-net.ru
>>> mail: dnikolaev AT mega-net.ru
>>> SIP URI: dnikolaev AT sip.mega-net.ru || dn AT sip.mega-net.ru
>>> On 17.09.2017 11:25, Al Beano wrote:
>>>> Hi all,
>>>>
>>>> I've done some digging around the WebExtension API, and I cannot
>>>> find any way to resolve OpenNIC names in-browser, including the use of
>>>> HTTPS.
>>>>
>>>> There are two possible solutions:
>>>>
>>>> 1. create an extension which does not allow for HTTPS. Although
>>>> there is no CA currently widely in operation on OpenNIC, aditaa is
>>>> working on one and there is hope that things could change. Advertising
>>>> an extension which doesn't support HTTPS would be conceding defeat.
>>>>
>>>> 2. create an extension which does allow for HTTPS, through the use
>>>> of a proxy server which we control. This is not ideal either, but I
>>>> think it is the better of the two options: users of OpenNIC are already
>>>> placing trust in the operators of T1 and T2 servers to answer queries
>>>> honestly, so if the same people were operating the proxy server(s), the
>>>> 'attack vector' for OpenNIC would remain much the same. This would also
>>>> mean that the proxy server operators could choose which CAs to trust —
>>>> as long as we only trust genuinely trustworthy CAs this would be a good
>>>> thing because users wouldn't see a scary 'Untrusted certificate!'
>>>> message and use of HTTPS would be a seamless experience.
>>>>
>>>> The only other potential issue with option 2 is that it could
>>>> result in high resource usage, but if a few people contribute small
>>>> VPSes with ~50mbps network I don't think there would be any problem.
>>>>
>>>> I'm interested to hear your opinions on this. Is a proxy server
>>>> acceptable?
>>>>
>>>> Obviously, I'd rather have the plugin support HTTPS 'properly' and
>>>> if anyone knows how we might be able to do so please let me know!
>>>>
>>>> albino
>>>>
>>>>
>>>> --------
>>>> You are a member of the OpenNIC Discuss list.
>>>> You may unsubscribe by emailing
>>>> discuss-unsubscribe AT lists.opennicproject.org



