Welcome to the php ebenezer's messageboard
ssl (20/09/17 18:15:11) Reply
    I found two interesting developments in treating web traffic. Browsers in the very near future want to force everything through https - basically disabling any http traffic to non-technical people. The good side is that your data - particularly anything a user submits through a form - should be more secure than sending it in plain.
    The not as good side is that all websites need to:
    - spend money on certificates.
    - reveal their identity
    - or spend more money on hiding their identity.
    ( Roll back the clock to '95. There wouldn't be Fravia - at least not for long.)

    Now the OTHER thing seems to be more interesting and maybe solving the top problem together with others. The Certification Authority Authorization (CAA), specified in RFC 6844 in 2013, targets the problem that certification authorities are scopeless - basically ANY CA on your browser's built-in list can validate ANY website - which is pretty brainless IMO. CAA is supposed to solve this by giving the CAs scope:

    "CAA creates a DNS mechanism that enables domain name owners to whitelist CAs that are allowed to issue certificates for their hostnames. It operates via a new DNS resource record (RR) called CAA (type 257). Owners can restrict certificate issuance by specifying zero or more CAs; if a CA is allowed to issue a certificate, their own hostname will be in the DNS record."

    Now it seems that if a website owner wants to issue a certificate, the only thing they need to control is their DNS - which looks more friendly right now.

    I for one have a RootCA generating Intermediates to my .nets and .orgs, which generate certs to all the subdomains. BUT because my RootCA is self-validated as well, if any of my friends want to get to those sites they need to be able and willing to import my CA (chain) to their browser (inconvenient/difficult/could be even risky). Now if my DNS could define my CA that would be wonderful.
have
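
Added example, not part of the original post: the CAA lookup and decision a CA makes before issuing, following the RFC 6844 rules quoted above, run over constructed zone data. The zone contents, CA domains and helper names (`parse_caa`, `relevant_rrset`, `ca_may_issue`, `make_rdata`) are hypothetical, and CNAME/DNAME alias handling is left out.

```python
CRITICAL = 0x80  # "issuer critical" flag bit
KNOWN = ("issue", "issuewild", "iodef")

def parse_caa(rdata: bytes):
    """Decode one CAA RDATA: flags(1) | tag length(1) | tag | value."""
    if len(rdata) < 2 or rdata[1] == 0 or len(rdata) < 2 + rdata[1]:
        raise ValueError("malformed CAA RDATA")
    flags, tag_len = rdata[0], rdata[1]
    tag = rdata[2:2 + tag_len].decode("ascii").lower()
    return flags, tag, rdata[2 + tag_len:].decode("ascii")

def relevant_rrset(zone, name):
    """Climb from name toward the root; the first non-empty CAA RRset wins."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]))
        if rrset:
            return [parse_caa(r) for r in rrset]
    return []

def ca_may_issue(zone, name, ca_domain):
    """True if the CA identified by ca_domain may issue for name."""
    wildcard = name.startswith("*.")
    records = relevant_rrset(zone, name[2:] if wildcard else name)
    # An unrecognised property flagged critical forbids issuance outright.
    if any(f & CRITICAL and t not in KNOWN for f, t, _ in records):
        return False
    issue = [v for _, t, v in records if t == "issue"]
    wild = [v for _, t, v in records if t == "issuewild"]
    policy = wild if (wildcard and wild) else issue
    if not policy:
        return True  # no issue restriction published: any CA may issue
    # Value is "<ca domain>[; parameters]"; a bare ";" authorises no CA.
    allowed = {v.split(";", 1)[0].strip().lower() for v in policy}
    allowed.discard("")
    return ca_domain.lower() in allowed

def make_rdata(flags, tag, value):
    """Build wire-format RDATA for the constructed zone below."""
    return bytes([flags, len(tag)]) + tag.encode() + value.encode()

# Constructed zone data; all names and CA domains are hypothetical.
ZONE = {
    "example.org": [make_rdata(0, "issue", "ca-one.example"),
                    make_rdata(0, "issuewild", ";")],
    "locked.example.org": [make_rdata(0, "issue", ";")],
    "odd.example.org": [make_rdata(128, "futuretag", "x")],
}
```

The check only constrains which CA may issue; whether a browser trusts the resulting certificate still depends on its own root store.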

Re: ssl (20/09/17 21:29:47) Reply
    Wow.

    Does this mean that new communities need to begin by people knowing each other first? No way of repeating the fravia (initial honeypot)->inux-seeker-newbie-ebmb cluster development?
e



messageboard's PHP script is a courtesy of Laurent
