
Firefox’s SSL policy is not bad, you idiot

Started by noah · 10 months ago

Today’s happy little rant comes courtesy of some asshat at UMass Lowell.  The article is entitled:
Mozilla SSL policy bad for the Web

First, I want to tell you about my grandmother (mom’s mom), Marion.  I’m not gonna call her Marion, % ... Continue reading »

3 comments

  • Server identity verification can and should be tested in the same manner that Google Apps does it - stick a new page up on your server or add a new CNAME record to prove you control the domain.

    If domain names can be registered for under $10, why should domain name verification cost hundreds of dollars per year?
  • Because they are different services - note the keyword _verification_ in that second part. The first part, the "I want a domain name here plzthx", isn't a complicated problem because there aren't many (enforced) trust/identity strings attached. Also, because there are an inordinate amount of domains being registered and a much smaller number of sites getting SSL certs, I can only imagine the cost for the first will be much cheaper than the second. Sounds pretty simple to me.

    Oh, and the real answer is, "because they charge that much and people will pay it." Enter capitalism.

    Your suggestion, in the first paragraph, is for how a "trusted" authority should establish trust with an untrusted endpoint - you do some activity to prove to that party that you "own" the domain, and that third party, which is a trusted authority by some other definition, is depended on for its verification of your site. Maybe that is enough to establish trust, but how does it relate to the post?

    If you want to complain about the methods CAs use to verify identity, then that is a different discussion. If you feel a CA charges too much for its services, find a different one. The DigiCert price I found was after clicking 2 links in a Google search. I bet you can find better prices without looking too hard.

    Or you get behind someone like CACert.org, who gives out free (as in beer) certs and (I believe) is still trying to be accepted by Mozilla as a trusted root CA:
    https://bugzilla.mozilla.org/show_bug.cgi?id=21...

    Mozilla has a nice, fair, and public policy for how to become a trusted CA:
    http://www.mozilla.org/projects/security/certs/...

    So I don't think there are major roadblocks preventing somebody from using your method to establish trust and charging less than $100 a year and getting accepted by Mozilla as a root CA. Except, you know, capitalism.
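
The domain-control check suggested in the first comment (a page on the server or a CNAME record), sketched from the verifier's side as an added example that is not part of the thread. The record name `_proof`, the path `/proof.txt`, the zone `verify.ca.example` and the one-hour lifetime are assumptions, and the DNS and HTTP lookups are passed in as functions so the block runs offline.

```python
import hmac
import secrets
import time

TOKEN_TTL = 3600                    # assumed challenge lifetime in seconds
CA_ZONE = "verify.ca.example"       # hypothetical zone run by the verifier

def issue_challenge(domain, now=None):
    """Create a one-time, unguessable challenge bound to a single domain."""
    now = time.time() if now is None else now
    return {"domain": domain.lower().rstrip("."),
            "token": secrets.token_hex(16),
            "expires": now + TOKEN_TTL}

def _same(seen, expected):
    # Constant-time compare after normalising case and the trailing DNS dot.
    return hmac.compare_digest(seen.strip().lower().rstrip(".").encode(),
                               expected.lower().encode())

def verify(ch, resolve_cname, fetch_page, now=None):
    """Return 'dns', 'http' or None for a challenge from issue_challenge()."""
    now = time.time() if now is None else now
    if now > ch["expires"]:
        return None                 # stale challenges are never accepted
    # Option 1: CNAME  _proof.<domain>  ->  <token>.verify.ca.example
    target = resolve_cname("_proof." + ch["domain"])
    if target and _same(target, ch["token"] + "." + CA_ZONE):
        return "dns"
    # Option 2: a page at /proof.txt on <domain> whose body is the token
    body = fetch_page(ch["domain"], "/proof.txt")
    if body and _same(body, ch["token"]):
        return "http"
    return None

def demo():
    # Constructed sample data standing in for real DNS and HTTP lookups.
    ch = issue_challenge("shop.example", now=1000)
    dns = {"_proof.shop.example": ch["token"].upper() + "." + CA_ZONE + "."}
    web = {("other.example", "/proof.txt"): ch["token"]}  # token on wrong host
    fetch = lambda host, path: web.get((host, path))
    return {
        "owner_dns": verify(ch, dns.get, fetch, now=1500),
        "expired": verify(ch, dns.get, fetch, now=1000 + TOKEN_TTL + 1),
        "wrong_domain": verify(ch, {}.get, fetch, now=1500),
    }

if __name__ == "__main__":
    print(demo())
```

A passing check shows control of the domain's DNS or web root at the time of the check; it says nothing about who operates the site.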
  • Good read. I think it's a good system to get in your face; especially for my relatives who are computer illiterate. This step is completely necessary to protect any user from doing harm to themselves.
