Re: Switch to HTTPS Now, For Free

In my opinion, (ie. for my use-cases) the value of an SSL cert is just to
prevent MITM attacks and the like. Having an "officially issued" cert also
gets rid of the annoying acceptance pop-up that you get from self-signed
certs.

StartSSL is pretty cool for that, I've been using it for over 6 months now
on silverbucket.net and aside from the "run by (unknown)", it serves it's
purpose.

I could see if you were accepting payments, or otherwise conducting serious
business, you'd want more.



On Thu, Sep 26, 2013 at 7:30 PM, Jonas Smedegaard <dr@jones.dk> wrote:

> Quoting Seth Russell (2013-09-26 16:51:54)
> > I think you missed the point.   How does the client know to whom they
> > talk?  The <Organization> should be filled in on these certificates.
> > Certificate authorities are suppose to require verifiable  bona fides
> > from those to whom they issue certificates.  That's what we pay for.
> > Now i certainly acknowledge that doesn't really make the net more
> > trustworthy ... but that is what it was suppose to accomplish.  Do we
> > now need to acknowledge that the Emperor has no clothes?  How about
> > ICANN issueing these certificates free - just fill out the form - no
> > questions asked - no bona fides at all needed or asked for.
>
> I may very well have missed what you intended to ask, but your actual
> question was if "this way of certifying actually certify anything to a
> information consumer?", and it does.
>
>
> Cheap certificates do certify something.  Less than higher quality
> certificates, and possible not enough for your liking, but something.
>
>
>  - Jonas
>
> --
>  * Jonas Smedegaard - idealist & Internet-arkitekt
>  * Tlf.: +45 40843136  Website: http://dr.jones.dk/
>
>  [x] quote me freely  [ ] ask before reusing  [ ] keep private
>