
On 01/01/2012 07:22 PM, Alex Buie wrote:
On Sun, Jan 1, 2012 at 12:57 PM, Marcello Perathoner <marcello@perathoner.de> wrote:
Certificates are expensive. You have to get them and renew them. Maybe we could get a cheap one from a certification authority for academia.
I'm pretty sure we could get 18 people to pay $0.50 for a PositiveSSL cert ;-). http://www.namecheap.com/ssl-certificates/comodo/positivessl-certificate.asp...
The idea here is to protect people's reading choices from government eavesdropping. That's a different class of security than to prevent your internet cafe neighbour from seing what you download. In the latter case a self-signed certificate would suffice. What we need is a worldwide recognized CA that does real checks, ie. paperwork, to determine the authenticity of the certificate request. Also, we need an EV certificate, eg. one that turns the browser bar green. EV certificates work for one subdomain only. So we'd need at least 2 of them. EV certificates at Verisign start at $998 / year. I'd appreciate if you stopped spamming the list with comments that only expose your personal naivete in real world security matters. -- Marcello Perathoner webmaster@gutenberg.org