On Wed, Jul 18, 2012 at 5:13 PM, "Martin J. Dürst" <duerst@it.aoyama.ac.jp>wrote: > Why don't you actually go to the trouble of moving Ongoing to TLS, with a > chained (i.e. not self-signed) certificate, and tell us how many working > hours/days and how much money it took you to set it up. This may make for > an interesting learning experience, and an interesting blog entry. > Popping in here because I indeed remember the pain getting this CA-signed certificate for my personal site. I did it because I felt publishing a webid on an unsecured server is quite pointless (well it offers around the same security as verify an identity by checking the email address). By contrast I remember no pain migrating from telnet to ssh. So my hope was that if encryption becomes standard on the web using it (both as client and as server) becomes much easier. I doubt that the current CA/PKI approach is a reasonable default behaviour. Trust on first use (TOFU) enhanced with either social public key exchange or using notary server (as in perspectives[1]) might offer a better balance of security and simplicity of use. Cheers, Reto PS: But yes, an answer to question "why is you blog http and not https?" could be "because cool uris don't change and when security becomes standard that S is obsolete". 1. http://static.usenix.org/event/usenix08/tech/full_papers/wendlandt/wendlandt_html/
Received on Friday, 20 July 2012 23:21:16 UTC