[AusNOG] Lets Encrypt

Nick Savvides Nick_Savvides at symantec.com
Wed Nov 19 16:46:49 EST 2014


I completely agree that browsers should indicate more of a difference for DV/OV/EV in a manner that can be easily understood by the end-user.

I also think that one of the biggest problems today is that OCSP is not enabled everywhere by default.

Nick.
 
-------------------------------------------------------
Nick Savvides,  Senior Principal Systems Engineer (Security)
nick_savvides at symantec.com, Mobile: +61 434 600 870

> On 19 Nov 2014, at 16:31 , Nick <nick at agentpoint.com> wrote:
> 
> I can get domain validated SSLs for AU$10/yr, not from StartSSL.
> Free is just the next logical price cutting step. It's not really a 
> decrease in security at all.
> 
> This is great because the biggest thing preventing me from securing all 
> our clients that we host is the tedious step of getting them to forward 
> a system email address to me so I can verify their domain.
> It's bad enough with clients who require it. With this we could offer to 
> do it by default for everyone.
> 
> Free, easy to verify and SNI means there would be very few reasons not 
> to encrypt all sites.
> 
> The only thing that might be needed is browsers to show a bigger 
> difference between DV certificates and OV/EV.
> 
> On 19/11/14 16:21, Nick Savvides wrote:
>> Personally I remove or mark as untrusted CAs that I don’t think I have a valid reason to work with from systems I manage.
>> 
>> Unfortunately you cannot do this on Apple iOS.
>> 
>> 
>> Nick.
>> 
>> -------------------------------------------------------
>> Nick Savvides,  Senior Principal Systems Engineer (Security)
>> nick_savvides at symantec.com, Mobile: +61 434 600 870
>> 
>>> On 19 Nov 2014, at 11:40 , Mark Newton <newton at atdot.dotat.org> wrote:
>>> 
>>> 
>>> On Nov 19, 2014, at 10:42 AM, Alex Samad - Yieldbroker <Alex.Samad at yieldbroker.com> wrote:
>>> 
>>>> Would you trust a CA who gave out certs to anyone?
>>> Verisign/Thawte have been giving certs to just anyone for years.
>>> 
>>> Your browser trusts hundreds (thousands?) of CAs, some of which are owned or controlled by hostile foreign governments.  Just sayin’.
>>> 
>>>  - mark
>>> 
>>> _______________________________________________
>>> AusNOG mailing list
>>> AusNOG at lists.ausnog.net
>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>> 
> 
> -- 
> Nick Stallman
> Agentpoint Pty Ltd
> The Real Estate Web Developers
> Melbourne | Sydney | Miami
> nick at agentpoint.com
> www.agentpoint.com.au | www.zooproperty.com | www.ginga.com.au | 
> www.business2.com.au
> 
> Business2.com.au is a real estate agent information website that helps 
> you understand Portals, Technology and comes with FREE tools to help 
> your Agency become an online success!
