[AusNOG] Lets Encrypt

Matt Palmer mpalmer at hezmatt.org
Wed Nov 19 14:36:29 EST 2014


On Wed, Nov 19, 2014 at 11:45:07AM +1100, Reuben Farrelly wrote:
> On 19/11/2014 11:38 AM, Colin Stubbs wrote:
> >Many existing CA's who already offer "free certs" have those
> >limitations, they only charge for the identity verification process, the
> >cost of which increases with the complexity required to verify who you
> >are and what you own.
> 
> Question: do end users really care at all about the identity verification?

The literature suggests that, overall, ordinary users have No Freaking Idea
what the green box means.  Research is ambivalent on whether or not they
understand the idea of the padlock, either.  But, given the number of
different icons that get used for various states (secure, insecure content,
etc), that isn't surprising.

The OSS browsers *are* looking at ways of improving the UI -- simplifying
it, perhaps even making HTTP-only connections look "untrusted" (it *does*
seem a little odd that a HTTPS connection with a self-signed cert is shown
as being "less safe" than a pure-HTTP connection, doesn't it?), but it's a
slow process.

> As long as the popup box doesn't come up, very few people care...so
> in that regard I think this project will fill a useful purpose.

If nothing else, it'll increase the amount of encrypted traffic running
around the 'tubes, which will give the Emperor of Brandistan something to
think about.

- Matt

-- 
Windows is too dangerous to be left to Windows admins.
		-- James Riden, ASR



More information about the AusNOG mailing list