[AusNOG] Lets Encrypt
Nick Savvides
Nick_Savvides at symantec.com
Wed Nov 19 16:46:49 EST 2014
I completely agree that browsers should indicate more of a difference for DV/OV/EV in a manner that can be easily understood by the end-user.
I also think that one biggest problems today is that OCSP is not enabled everywhere by default.
Nick.
-------------------------------------------------------
Nick Savvides, Senior Principal Systems Engineer (Security)
nick_savvides at symantec.com, Mobile: +61 434 600 870
> On 19 Nov 2014, at 16:31 , Nick <nick at agentpoint.com> wrote:
>
> I can get domain validated SSL's for AU$10/yr, not from StartSSL.
> Free is just the next logical price cutting step. Its not really a
> decrease in security at all.
>
> This is great because the biggest thing preventing me from securing all
> our clients that we host is the tedious step of getting them to forward
> a system email address to me so I can verify their domain.
> Its bad enough with clients who require it. With this we could offer to
> do it by default for everyone.
>
> Free, easy to verify and SNI means there would be very few reasons not
> to encrypt all sites.
>
> The only thing that might be needed is browsers to show a bigger
> difference between DV certificates and OV/EV.
>
> On 19/11/14 16:21, Nick Savvides wrote:
>> Personally I remove or mark as untrusted CAs that I don’t think I have valid reason to work with from systems I manage.
>>
>> Unfortunately you cannot do this on Apple iOS.
>>
>>
>> Nick.
>>
>> -------------------------------------------------------
>> Nick Savvides, Senior Principal Systems Engineer (Security)
>> nick_savvides at symantec.com, Mobile: +61 434 600 870
>>
>>> On 19 Nov 2014, at 11:40 , Mark Newton <newton at atdot.dotat.org> wrote:
>>>
>>>
>>> On Nov 19, 2014, at 10:42 AM, Alex Samad - Yieldbroker <Alex.Samad at yieldbroker.com> wrote:
>>>
>>>> Would you trust a CA who gave our certs to any one ?
>>> Verisign/Thawte have been giving certs to just anyone for years.
>>>
>>> Your browser trusts hundreds (thousands?) of CAs, some of which are owned or controlled by hostile foreign governments. Just sayin’.
>>>
>>> - mark
>>>
>>> _______________________________________________
>>> AusNOG mailing list
>>> AusNOG at lists.ausnog.net
>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>
> --
> Nick Stallman
> Agentpoint Pty Ltd
> The Real Estate Web Developers
> Melbourne | Sydney | Miami
> nick at agentpoint.com
> www.agentpoint.com.au | www.zooproperty.com | www.ginga.com.au |
> www.business2.com.au
>
> Business2.com.au is a real estate agent information website that helps
> you understand Portals, Technology and comes with FREE tools to help
> your Agency become an online success!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 7769 bytes
Desc: not available
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20141118/8afc501e/attachment.bin>
More information about the AusNOG
mailing list