digitalmars.D.announce - https everywhere
- Walter Bright (5/5) Feb 21 2014 dlang.org and dconf.org now support https,
- Dicebot (2/7) Feb 21 2014 Why can't free startssl certificate be used?
- Adam Wilson (7/16) Feb 21 2014 It probably has to do with the fact that the NSA owns every Root Signing...
- Dicebot (4/6) Feb 21 2014 And how it is relevant? Not like we are speaking about security
- Adam Wilson (6/12) Feb 21 2014 I agree, it's not exactly welcoming due to how browsers handle them.
- Jan Knepper (3/12) Feb 21 2014 Read what the browser says. Look at the information the browser displays...
- Walter Bright (2/11) Feb 21 2014 I never heard of it.
- Dicebot (2/4) Feb 21 2014 https://www.startssl.com/?app=1
- Adam Wilson (7/20) Feb 21 2014 I don't think they allow it for anything other than personal use though.
- Brad Anderson (8/15) Feb 21 2014 Nope, they can be used for any purpose. All they do is verify you
- Walter Bright (3/7) Feb 21 2014 Would that work for all the websites? I.e. digitalmars.com, dlang.org, e...
- Brad Anderson (6/16) Feb 21 2014 The one cost and you could cover everything. StartSSL is novel in
- Nick Sabalausky (4/12) Feb 21 2014 This is true (I do it on my server, hosting a couple domains ATM).
- Leandro Lucarella (11/26) Feb 21 2014 No, you can use any subdomain, you can't use wildcards, but you can get
- Nick Sabalausky (3/24) Feb 21 2014 I've tried to get a subdomain cert from them, but their system
- Nick Sabalausky (5/33) Feb 21 2014 SNI *is* necessary, of course, to host multiple SSL-certs on the same
- Leandro Lucarella (16/29) Feb 22 2014 I don't know what to say, but I'm in fact using two different
- Leandro Lucarella (8/26) Feb 21 2014 I use the free certificates and it works very nicely!
- Dicebot (4/6) Feb 21 2014 Any certificate is tied to domain or masked domain. Covering both
- Brad Anderson (3/10) Feb 21 2014 This doesn't apply because StartSSL lets you create as many
- Dicebot (3/14) Feb 21 2014 Yes, of course, but it won't be the same certificate. Walters
- Brad Anderson (5/21) Feb 21 2014 Walter's question is about whether the paid StartSSL verification
- Dicebot (2/6) Feb 21 2014 Then please disregard my obviously wrong answer :)
- Kagamin (3/6) Feb 26 2014 Doesn't google use single certificate for all its domains
- Nick Sabalausky (4/8) Feb 21 2014 I think it's pretty much standard practice in the Windows world to
- Brad Anderson (5/17) Feb 21 2014 I think it's ignored by users like you and I but at my work we'd
- Nick Sabalausky (13/27) Feb 21 2014 Perhaps so. Although FWIW, there's also a *lot* of average-joe users (I
- Rikki Cattermole (6/19) Feb 21 2014 And this is where if you're doing IT support, you add a nice
- Jan Knepper (4/17) Feb 21 2014 Neither have I...
- Ryan Chouinard (7/27) Feb 21 2014 Just going to throw this out there, but GlobalSign offers free
- Kagamin (4/7) Feb 26 2014 Last I checked cacert used their root key for automated signing,
- deadalnix (3/13) Feb 21 2014 The whole certification principle is about how much you trust who
- Steven Schveighoffer (5/18) Feb 21 2014 The problem is not who deadalnix trusts, it's who the browser trusts.
- Dicebot (3/18) Feb 21 2014 Wrong. Don't confuse PGP with SSL, latter has nothing to do with
- Nick Sabalausky (3/16) Feb 21 2014 Self-signed certs *can't* be trusted to be from the party they claim to
- Dmitry Olshansky (5/23) Feb 22 2014 This. And since the site isn't dynamic and doesn't transmit private data...
- Walter Bright (3/5) Feb 22 2014 There isn't any private data on the site, it's just getting on the "http...
- Dmitry Olshansky (8/14) Feb 22 2014 Yes, and then you get nothing useful - self-signed certificate doesn't
- Jan Knepper (2/15) Feb 21 2014 :-)
- Jan Knepper (3/12) Feb 21 2014 We could use a Free StartSSL certificate if that gives any benefit over
- Dmitry Olshansky (6/11) Feb 21 2014 That gets horribly wrong. With this kind of stuff we'd just scare away
- w0rp (8/13) Feb 21 2014 Cool, that's always welcome. I actually serve all of my website
- Brad Roberts (4/9) Feb 21 2014 At this point I'm just repeating what others have already said, but
- =?UTF-8?B?U8O2bmtlIEx1ZHdpZw==?= (4/9) Feb 22 2014 When the certificate discussion is settled, it would be good to also get...
- deadalnix (2/7) Feb 25 2014 Captcha in the forum to avoid spam do not work when using HTTPS
- Kagamin (3/8) Feb 26 2014 hyphenator is linked through http, so the page is reported as
dlang.org and dconf.org now support https, https://dlang.org https://dconf.org Note that this is a self-signed certificate, and so when you first access it you'll get a dire warning from your browser.
Feb 21 2014
On Friday, 21 February 2014 at 20:34:12 UTC, Walter Bright wrote:dlang.org and dconf.org now support https, https://dlang.org https://dconf.org Note that this is a self-signed certificate, and so when you first access it you'll get a dire warning from your browser.Why can't free startssl certificate be used?
Feb 21 2014
On Fri, 21 Feb 2014 12:35:10 -0800, Dicebot <public dicebot.lv> wrote:On Friday, 21 February 2014 at 20:34:12 UTC, Walter Bright wrote:It probably has to do with the fact that the NSA owns every Root Signing Key in the world. -- Adam Wilson GitHub/IRC: LightBender Aurora Project Coordinatordlang.org and dconf.org now support https, https://dlang.org https://dconf.org Note that this is a self-signed certificate, and so when you first access it you'll get a dire warning from your browser.Why can't free startssl certificate be used?
Feb 21 2014
On Friday, 21 February 2014 at 20:39:28 UTC, Adam Wilson wrote:It probably has to do with the fact that the NSA owns every Root Signing Key in the world.And how it is relevant? Not like we are speaking about security here - nothing sensitive is transferred from dlang.org; using self-signed certificates for public pages is just weird.
Feb 21 2014
On Fri, 21 Feb 2014 12:42:10 -0800, Dicebot <public dicebot.lv> wrote:On Friday, 21 February 2014 at 20:39:28 UTC, Adam Wilson wrote:I agree, it's not exactly welcoming due to how browsers handle them. -- Adam Wilson GitHub/IRC: LightBender Aurora Project CoordinatorIt probably has to do with the fact that the NSA owns every Root Signing Key in the world.And how it is relevant? Not like we are speaking about security here - nothing sensitive is transferred from dlang.org; using self-signed certificates for public pages is just weird.
Feb 21 2014
Jan Knepper <jan smartsoft.us> On 2/21/14, 3:43 PM, Adam Wilson wrote:On Fri, 21 Feb 2014 12:42:10 -0800, Dicebot <public dicebot.lv> wrote:Read what the browser says. Look at the information the browser displays the certificate. What then is the problem???On Friday, 21 February 2014 at 20:39:28 UTC, Adam Wilson wrote:I agree, it's not exactly welcoming due to how browsers handle them.It probably has to do with the fact that the NSA owns every Root Signing Key in the world.And how it is relevant? Not like we are speaking about security here - nothing sensitive is transferred from dlang.org; using self-signed certificates for public pages is just weird.
Feb 21 2014
On 2/21/2014 12:35 PM, Dicebot wrote:On Friday, 21 February 2014 at 20:34:12 UTC, Walter Bright wrote:I never heard of it.dlang.org and dconf.org now support https, https://dlang.org https://dconf.org Note that this is a self-signed certificate, and so when you first access it you'll get a dire warning from your browser.Why can't free startssl certificate be used?
Feb 21 2014
On Friday, 21 February 2014 at 20:40:24 UTC, Walter Bright wrote:https://www.startssl.com/?app=1Why can't free startssl certificate be used?I never heard of it.
Feb 21 2014
On Fri, 21 Feb 2014 12:40:29 -0800, Walter Bright <newshound2 digitalmars.com> wrote:On 2/21/2014 12:35 PM, Dicebot wrote:I don't think they allow it for anything other than personal use though. -- Adam Wilson GitHub/IRC: LightBender Aurora Project CoordinatorOn Friday, 21 February 2014 at 20:34:12 UTC, Walter Bright wrote:I never heard of it.dlang.org and dconf.org now support https, https://dlang.org https://dconf.org Note that this is a self-signed certificate, and so when you first access it you'll get a dire warning from your browser.Why can't free startssl certificate be used?
Feb 21 2014
On Friday, 21 February 2014 at 20:46:05 UTC, Adam Wilson wrote:On Fri, 21 Feb 2014 12:40:29 -0800, Walter Bright <newshound2 digitalmars.com> wrote:Nope, they can be used for any purpose. All they do is verify you own the domain in question (not do the more rigorous confirmation of actual identity). For $59.90 Walter could get a class 2 organization verification for Digital Mars and do code signing so we can get rid of that scary message when people run the installer. We use StartSSL for our code signing and website SSL and are happy with it.I don't think they allow it for anything other than personal use though.Why can't free startssl certificate be used?I never heard of it.
Feb 21 2014
On 2/21/2014 12:57 PM, Brad Anderson wrote:For $59.90 Walter could get a class 2 organization verification for Digital Mars and do code signing so we can get rid of that scary message when people run the installer. We use StartSSL for our code signing and website SSL and are happy with it.Would that work for all the websites? I.e. digitalmars.com, dlang.org, etc., or would it be a separate charge for each?
Feb 21 2014
On Friday, 21 February 2014 at 21:37:39 UTC, Walter Bright wrote:On 2/21/2014 12:57 PM, Brad Anderson wrote:The one cost and you could cover everything. StartSSL is novel in that all they do is verify your identity then let you generate as many certificates as you want. Most other CAs charge on a per certificate basis. I'm pretty happy with StartSSL apart from their terrible website.For $59.90 Walter could get a class 2 organization verification for Digital Mars and do code signing so we can get rid of that scary message when people run the installer. We use StartSSL for our code signing and website SSL and are happy with it.Would that work for all the websites? I.e. digitalmars.com, dlang.org, etc., or would it be a separate charge for each?
Feb 21 2014
On 2/21/2014 4:39 PM, Brad Anderson wrote:On Friday, 21 February 2014 at 21:37:39 UTC, Walter Bright wrote:This is true (I do it on my server, hosting a couple domains ATM). However, unless they've changed it since I last looked, you can't do subdomains (other than www.*) with their free cert.Would that work for all the websites? I.e. digitalmars.com, dlang.org, etc., or would it be a separate charge for each?The one cost and you could cover everything. StartSSL is novel in that all they do is verify your identity then let you generate as many certificates as you want. Most other CAs charge on a per certificate basis. I'm pretty happy with StartSSL apart from their terrible website.
Feb 21 2014
Nick Sabalausky, el 21 de February a las 16:47 me escribiste:On 2/21/2014 4:39 PM, Brad Anderson wrote:No, you can use any subdomain, you can't use wildcards, but you can get as many subdomains as you want. To use several subdomains in one server, your server must support SNI[1], but any modern webserver should support it. [1] https://en.wikipedia.org/wiki/Server_Name_Indication -- Leandro Lucarella (AKA luca) http://llucax.com.ar/ ---------------------------------------------------------------------- De las generaciones venideras espero, nada más, que vengan. -- Ricardo VaporesoOn Friday, 21 February 2014 at 21:37:39 UTC, Walter Bright wrote:This is true (I do it on my server, hosting a couple domains ATM). However, unless they've changed it since I last looked, you can't do subdomains (other than www.*) with their free cert.Would that work for all the websites? I.e. digitalmars.com, dlang.org, etc., or would it be a separate charge for each?The one cost and you could cover everything. StartSSL is novel in that all they do is verify your identity then let you generate as many certificates as you want. Most other CAs charge on a per certificate basis. I'm pretty happy with StartSSL apart from their terrible website.
Feb 21 2014
On 2/22/2014 12:09 AM, Leandro Lucarella wrote:Nick Sabalausky, el 21 de February a las 16:47 me escribiste:I've tried to get a subdomain cert from them, but their system complained that I already had a cert from them for the same domain.On 2/21/2014 4:39 PM, Brad Anderson wrote:No, you can use any subdomain, you can't use wildcards, but you can get as many subdomains as you want. To use several subdomains in one server, your server must support SNI[1], but any modern webserver should support it. [1] https://en.wikipedia.org/wiki/Server_Name_IndicationOn Friday, 21 February 2014 at 21:37:39 UTC, Walter Bright wrote:This is true (I do it on my server, hosting a couple domains ATM). However, unless they've changed it since I last looked, you can't do subdomains (other than www.*) with their free cert.Would that work for all the websites? I.e. digitalmars.com, dlang.org, etc., or would it be a separate charge for each?The one cost and you could cover everything. StartSSL is novel in that all they do is verify your identity then let you generate as many certificates as you want. Most other CAs charge on a per certificate basis. I'm pretty happy with StartSSL apart from their terrible website.
Feb 21 2014
On 2/22/2014 1:39 AM, Nick Sabalausky wrote:On 2/22/2014 12:09 AM, Leandro Lucarella wrote:SNI *is* necessary, of course, to host multiple SSL-certs on the same server (regardless of whetheer they're separate subdomains or suparate regular domains), but I already have my server doing that (one cert for each of two different domains).Nick Sabalausky, el 21 de February a las 16:47 me escribiste:I've tried to get a subdomain cert from them, but their system complained that I already had a cert from them for the same domain.On 2/21/2014 4:39 PM, Brad Anderson wrote:No, you can use any subdomain, you can't use wildcards, but you can get as many subdomains as you want. To use several subdomains in one server, your server must support SNI[1], but any modern webserver should support it. [1] https://en.wikipedia.org/wiki/Server_Name_IndicationOn Friday, 21 February 2014 at 21:37:39 UTC, Walter Bright wrote:This is true (I do it on my server, hosting a couple domains ATM). However, unless they've changed it since I last looked, you can't do subdomains (other than www.*) with their free cert.Would that work for all the websites? I.e. digitalmars.com, dlang.org, etc., or would it be a separate charge for each?The one cost and you could cover everything. StartSSL is novel in that all they do is verify your identity then let you generate as many certificates as you want. Most other CAs charge on a per certificate basis. I'm pretty happy with StartSSL apart from their terrible website.
Feb 21 2014
Nick Sabalausky, el 22 de February a las 01:43 me escribiste:I don't know what to say, but I'm in fact using two different certificates for two different subdomains and both are verified by StartSSL for free, you can check it out: openssl s_client -servername fotos.llucax.com.ar -connect luca.homenet.org:443 openssl s_client -servername cloud.llucax.com.ar -connect luca.homenet.org:443No, you can use any subdomain, you can't use wildcards, but you can get as many subdomains as you want. To use several subdomains in one server, your server must support SNI[1], but any modern webserver should support it. [1] https://en.wikipedia.org/wiki/Server_Name_IndicationI've tried to get a subdomain cert from them, but their system complained that I already had a cert from them for the same domain.SNI *is* necessary, of course, to host multiple SSL-certs on the same server (regardless of whetheer they're separate subdomains or suparate regular domains), but I already have my server doing that (one cert for each of two different domains).No, for subdomains is not strictly necessary, you can get a wildcard certificate that covers *.example.com. That kind of certificate work for any subdomain (the same certificate). But that kind of certificate is not free in StartSSL (I think because the verification process is more expensive). -- Leandro Lucarella (AKA luca) http://llucax.com.ar/ ---------------------------------------------------------------------- In 1995 a Japanese trawler sank, because a Russian cargo plane dropped a living cow from 30,000 feet
Feb 22 2014
Brad Anderson, el 21 de February a las 21:39 me escribiste:On Friday, 21 February 2014 at 21:37:39 UTC, Walter Bright wrote:I use the free certificates and it works very nicely! -- Leandro Lucarella (AKA luca) http://llucax.com.ar/ ---------------------------------------------------------------------- No existe nada más intenso que un reloj, ni nada más flaco que una bicicleta. No intenso como el café, ni flaco como escopeta. -- Ricardo VaporesoOn 2/21/2014 12:57 PM, Brad Anderson wrote:The one cost and you could cover everything. StartSSL is novel in that all they do is verify your identity then let you generate as many certificates as you want. Most other CAs charge on a per certificate basis. I'm pretty happy with StartSSL apart from their terrible website.For $59.90 Walter could get a class 2 organization verification for Digital Mars and do code signing so we can get rid of that scary message when people run the installer. We use StartSSL for our code signing and website SSL and are happy with it.Would that work for all the websites? I.e. digitalmars.com, dlang.org, etc., or would it be a separate charge for each?
Feb 21 2014
On Friday, 21 February 2014 at 21:37:39 UTC, Walter Bright wrote:Would that work for all the websites? I.e. digitalmars.com, dlang.org, etc., or would it be a separate charge for each?Any certificate is tied to domain or masked domain. Covering both *.digitalmars.com and *.dlang.org with same certificate is impossible.
Feb 21 2014
On Friday, 21 February 2014 at 21:44:19 UTC, Dicebot wrote:On Friday, 21 February 2014 at 21:37:39 UTC, Walter Bright wrote:This doesn't apply because StartSSL lets you create as many certificates as you want.Would that work for all the websites? I.e. digitalmars.com, dlang.org, etc., or would it be a separate charge for each?Any certificate is tied to domain or masked domain. Covering both *.digitalmars.com and *.dlang.org with same certificate is impossible.
Feb 21 2014
On Friday, 21 February 2014 at 22:52:46 UTC, Brad Anderson wrote:On Friday, 21 February 2014 at 21:44:19 UTC, Dicebot wrote:Yes, of course, but it won't be the same certificate. Walters question was about paid verified certificates.On Friday, 21 February 2014 at 21:37:39 UTC, Walter Bright wrote:This doesn't apply because StartSSL lets you create as many certificates as you want.Would that work for all the websites? I.e. digitalmars.com, dlang.org, etc., or would it be a separate charge for each?Any certificate is tied to domain or masked domain. Covering both *.digitalmars.com and *.dlang.org with same certificate is impossible.
Feb 21 2014
On Friday, 21 February 2014 at 22:59:39 UTC, Dicebot wrote:On Friday, 21 February 2014 at 22:52:46 UTC, Brad Anderson wrote:Walter's question is about whether the paid StartSSL verification I mentioned would let him cover all of those things for a single price (which it would). Not about whether a single certificate could be made to cover all of those things.On Friday, 21 February 2014 at 21:44:19 UTC, Dicebot wrote:Yes, of course, but it won't be the same certificate. Walters question was about paid verified certificates.On Friday, 21 February 2014 at 21:37:39 UTC, Walter Bright wrote:This doesn't apply because StartSSL lets you create as many certificates as you want.Would that work for all the websites? I.e. digitalmars.com, dlang.org, etc., or would it be a separate charge for each?Any certificate is tied to domain or masked domain. Covering both *.digitalmars.com and *.dlang.org with same certificate is impossible.
Feb 21 2014
On Friday, 21 February 2014 at 23:12:32 UTC, Brad Anderson wrote:Walter's question is about whether the paid StartSSL verification I mentioned would let him cover all of those things for a single price (which it would). Not about whether a single certificate could be made to cover all of those things.Then please disregard my obviously wrong answer :)
Feb 21 2014
On Friday, 21 February 2014 at 21:44:19 UTC, Dicebot wrote:Any certificate is tied to domain or masked domain. Covering both *.digitalmars.com and *.dlang.org with same certificate is impossible.Doesn't google use single certificate for all its domains (multiple masks)?
Feb 26 2014
On 2/21/2014 3:57 PM, Brad Anderson wrote:For $59.90 Walter could get a class 2 organization verification for Digital Mars and do code signing so we can get rid of that scary message when people run the installer. We use StartSSL for our code signing and website SSL and are happy with it.I think it's pretty much standard practice in the Windows world to ignore that warning. I've seen very little software that does bother with that code signing.
Feb 21 2014
On Friday, 21 February 2014 at 21:50:21 UTC, Nick Sabalausky wrote:On 2/21/2014 3:57 PM, Brad Anderson wrote:I think it's ignored by users like you and I but at my work we'd get worried calls from our customers thinking our installer was unsafe so we ended up adding code signing.For $59.90 Walter could get a class 2 organization verification for Digital Mars and do code signing so we can get rid of that scary message when people run the installer. We use StartSSL for our code signing and website SSL and are happy with it.I think it's pretty much standard practice in the Windows world to ignore that warning. I've seen very little software that does bother with that code signing.
Feb 21 2014
On 2/21/2014 5:50 PM, Brad Anderson wrote:On Friday, 21 February 2014 at 21:50:21 UTC, Nick Sabalausky wrote:Perhaps so. Although FWIW, there's also a *lot* of average-joe users (I personally know far too many) who flat-out *refuse* to read any word that ever appears on their screen. These retards^H^H^H^H^H^H^Hpeople^H^H^H^H^H^Hworthless wastes of carbon view "words" as things to be immediately shoo'ed away in a frenzy of mindless clicking and "How do I make this go away?!?!?" (Me: "Uhh, make what...well What does it say?" The Retard: "I dunno. I didn't read it." "[silently:]FFFUUUUCCCKKKKK YOOOOOOOUUUUUUU!!!!!!!!"). To be perfectly honest I actually *am* genuinely surprised to hear of the existence of retards who actually *do* read words on screens. Sounds almost like a paradise of geniuses compared to the bullshit I've always had to put up with.On 2/21/2014 3:57 PM, Brad Anderson wrote:I think it's ignored by users like you and I but at my work we'd get worried calls from our customers thinking our installer was unsafe so we ended up adding code signing.For $59.90 Walter could get a class 2 organization verification for Digital Mars and do code signing so we can get rid of that scary message when people run the installer. We use StartSSL for our code signing and website SSL and are happy with it.I think it's pretty much standard practice in the Windows world to ignore that warning. I've seen very little software that does bother with that code signing.
Feb 21 2014
On Saturday, 22 February 2014 at 06:59:00 UTC, Nick Sabalausky wrote:Perhaps so. Although FWIW, there's also a *lot* of average-joe users (I personally know far too many) who flat-out *refuse* to read any word that ever appears on their screen. These retards^H^H^H^H^H^H^Hpeople^H^H^H^H^H^Hworthless wastes of carbon view "words" as things to be immediately shoo'ed away in a frenzy of mindless clicking and "How do I make this go away?!?!?" (Me: "Uhh, make what...well What does it say?" The Retard: "I dunno. I didn't read it." "[silently:]FFFUUUUCCCKKKKK YOOOOOOOUUUUUUU!!!!!!!!"). To be perfectly honest I actually *am* genuinely surprised to hear of the existence of retards who actually *do* read words on screens. Sounds almost like a paradise of geniuses compared to the bullshit I've always had to put up with.And this is where if you're doing IT support, you add a nice little clause which requires them to read, and tell you any message they get. If they don't, well there won't be any stress on your end ;)
Feb 21 2014
On 2/21/14, 3:40 PM, Walter Bright wrote:On 2/21/2014 12:35 PM, Dicebot wrote:Neither have I... I know there is www.cacert.org but as far as I know their certs are still not integrated in the browser SSL store.On Friday, 21 February 2014 at 20:34:12 UTC, Walter Bright wrote:I never heard of it.dlang.org and dconf.org now support https, https://dlang.org https://dconf.org Note that this is a self-signed certificate, and so when you first access it you'll get a dire warning from your browser.Why can't free startssl certificate be used?
Feb 21 2014
On Friday, 21 February 2014 at 23:10:12 UTC, Jan Knepper wrote:On 2/21/14, 3:40 PM, Walter Bright wrote:Just going to throw this out there, but GlobalSign offers free wildcard certificates to open source projects. GlobalSign's root is in the standard CA stores. Might be worth checking out. https://www.globalsign.com/ssl/ssl-open-source/ Disclaimer: I am a GlobalSign reseller, but I have nothing to gain from their free certificate offers.On 2/21/2014 12:35 PM, Dicebot wrote:Neither have I... I know there is www.cacert.org but as far as I know their certs are still not integrated in the browser SSL store.On Friday, 21 February 2014 at 20:34:12 UTC, Walter Bright wrote:I never heard of it.dlang.org and dconf.org now support https, https://dlang.org https://dconf.org Note that this is a self-signed certificate, and so when you first access it you'll get a dire warning from your browser.Why can't free startssl certificate be used?
Feb 21 2014
On Friday, 21 February 2014 at 23:10:12 UTC, Jan Knepper wrote:Neither have I... I know there is www.cacert.org but as far as I know their certs are still not integrated in the browser SSL store.Last I checked cacert used their root key for automated signing, which is sort of scary, and their roadmap to migrate to proper CA hierarchy was long. No wonder they got no acceptance.
Feb 26 2014
On Friday, 21 February 2014 at 20:35:12 UTC, Dicebot wrote:On Friday, 21 February 2014 at 20:34:12 UTC, Walter Bright wrote:The whole certification principle is about how much you trust who sign the certificate. I trust digital mas much more than startssl.dlang.org and dconf.org now support https, https://dlang.org https://dconf.org Note that this is a self-signed certificate, and so when you first access it you'll get a dire warning from your browser.Why can't free startssl certificate be used?
Feb 21 2014
On Fri, 21 Feb 2014 15:55:02 -0500, deadalnix <deadalnix gmail.com> wrote:On Friday, 21 February 2014 at 20:35:12 UTC, Dicebot wrote:The problem is not who deadalnix trusts, it's who the browser trusts. I agree with others here, it should not be self-signed. It should be either unencrypted, or a trusted CA certificate. -SteveOn Friday, 21 February 2014 at 20:34:12 UTC, Walter Bright wrote:The whole certification principle is about how much you trust who sign the certificate. I trust digital mas much more than startssl.dlang.org and dconf.org now support https, https://dlang.org https://dconf.org Note that this is a self-signed certificate, and so when you first access it you'll get a dire warning from your browser.Why can't free startssl certificate be used?
Feb 21 2014
On Friday, 21 February 2014 at 20:55:04 UTC, deadalnix wrote:On Friday, 21 February 2014 at 20:35:12 UTC, Dicebot wrote:Wrong. Don't confuse PGP with SSL, latter has nothing to do with trust in its current form.On Friday, 21 February 2014 at 20:34:12 UTC, Walter Bright wrote:The whole certification principle is about how much you trust who sign the certificate. I trust digital mas much more than startssl.dlang.org and dconf.org now support https, https://dlang.org https://dconf.org Note that this is a self-signed certificate, and so when you first access it you'll get a dire warning from your browser.Why can't free startssl certificate be used?
Feb 21 2014
On 2/21/2014 3:55 PM, deadalnix wrote:On Friday, 21 February 2014 at 20:35:12 UTC, Dicebot wrote:Self-signed certs *can't* be trusted to be from the party they claim to be from. Anyone can generate a self-signed cert claiming to be Digital Mars.On Friday, 21 February 2014 at 20:34:12 UTC, Walter Bright wrote:The whole certification principle is about how much you trust who sign the certificate. I trust digital mas much more than startssl.dlang.org and dconf.org now support https, https://dlang.org https://dconf.org Note that this is a self-signed certificate, and so when you first access it you'll get a dire warning from your browser.Why can't free startssl certificate be used?
Feb 21 2014
22-Feb-2014 01:54, Nick Sabalausky пишет:On 2/21/2014 3:55 PM, deadalnix wrote:This. And since the site isn't dynamic and doesn't transmit private data the advantage of self-signed cert is highly dubious ;) -- Dmitry OlshanskyOn Friday, 21 February 2014 at 20:35:12 UTC, Dicebot wrote:Self-signed certs *can't* be trusted to be from the party they claim to be from. Anyone can generate a self-signed cert claiming to be Digital Mars.On Friday, 21 February 2014 at 20:34:12 UTC, Walter Bright wrote:The whole certification principle is about how much you trust who sign the certificate. I trust digital mas much more than startssl.dlang.org and dconf.org now support https, https://dlang.org https://dconf.org Note that this is a self-signed certificate, and so when you first access it you'll get a dire warning from your browser.Why can't free startssl certificate be used?
Feb 22 2014
On 2/22/2014 12:43 AM, Dmitry Olshansky wrote:This. And since the site isn't dynamic and doesn't transmit private data the advantage of self-signed cert is highly dubious ;)There isn't any private data on the site, it's just getting on the "https everywhere" bandwagon.
Feb 22 2014
22-Feb-2014 13:12, Walter Bright пишет:On 2/22/2014 12:43 AM, Dmitry Olshansky wrote:Yes, and then you get nothing useful - self-signed certificate doesn't prove the authenticity of your website. Hence it's both useless and potentially harmful due to browser barking on the self-signed crap and scaring our users away. Either get a CA-signed cert or we are much better off with plain HTTP. -- Dmitry OlshanskyThis. And since the site isn't dynamic and doesn't transmit private data the advantage of self-signed cert is highly dubious ;)There isn't any private data on the site, it's just getting on the "https everywhere" bandwagon.
Feb 22 2014
On 2/21/14, 3:55 PM, deadalnix wrote:On Friday, 21 February 2014 at 20:35:12 UTC, Dicebot wrote::-)On Friday, 21 February 2014 at 20:34:12 UTC, Walter Bright wrote:The whole certification principle is about how much you trust who sign the certificate. I trust digital mas much more than startssl.dlang.org and dconf.org now support https, https://dlang.org https://dconf.org Note that this is a self-signed certificate, and so when you first access it you'll get a dire warning from your browser.Why can't free startssl certificate be used?
Feb 21 2014
On 2/21/14, 3:35 PM, Dicebot wrote:On Friday, 21 February 2014 at 20:34:12 UTC, Walter Bright wrote:We could use a Free StartSSL certificate if that gives any benefit over a self-signed certificate.dlang.org and dconf.org now support https, https://dlang.org https://dconf.org Note that this is a self-signed certificate, and so when you first access it you'll get a dire warning from your browser.Why can't free startssl certificate be used?
Feb 21 2014
22-Feb-2014 00:34, Walter Bright пишет:dlang.org and dconf.org now support https, https://dlang.org https://dconf.orgGood idea.Note that this is a self-signed certificate, and so when you first access it you'll get a dire warning from your browser.That gets horribly wrong. With this kind of stuff we'd just scare away new users. Surely a CA signed SSL cert doesn't cost that much to ignore it. -- Dmitry Olshansky
Feb 21 2014
On Friday, 21 February 2014 at 20:34:12 UTC, Walter Bright wrote:dlang.org and dconf.org now support https, https://dlang.org https://dconf.org Note that this is a self-signed certificate, and so when you first access it you'll get a dire warning from your browser.Cool, that's always welcome. I actually serve all of my website exclusively through HTTPS. https://w0rp.com I bought my certificate from Comodo. I think I only paid something like 10 dollars for a year or something, which I put down as being less than the cost of dinner if I eat out, so I just bought it.
Feb 21 2014
On 2/21/14, 12:34 PM, Walter Bright wrote:dlang.org and dconf.org now support https, https://dlang.org https://dconf.org Note that this is a self-signed certificate, and so when you first access it you'll get a dire warning from your browser.At this point I'm just repeating what others have already said, but self-signed is seriously unprofessional. It's worse than not having https from a reputation standpoint.
Feb 21 2014
Am 21.02.2014 21:34, schrieb Walter Bright:dlang.org and dconf.org now support https, https://dlang.org https://dconf.org Note that this is a self-signed certificate, and so when you first access it you'll get a dire warning from your browser.When the certificate discussion is settled, it would be good to also get code.dlang.org set up for HTTPS, because it processes log in and registration requests containing passwords.
Feb 22 2014
On Friday, 21 February 2014 at 20:34:12 UTC, Walter Bright wrote:dlang.org and dconf.org now support https, https://dlang.org https://dconf.org Note that this is a self-signed certificate, and so when you first access it you'll get a dire warning from your browser.Captcha in the forum to avoid spam do not work when using HTTPS
Feb 25 2014
On Friday, 21 February 2014 at 20:34:12 UTC, Walter Bright wrote:dlang.org and dconf.org now support https, https://dlang.org https://dconf.org Note that this is a self-signed certificate, and so when you first access it you'll get a dire warning from your browser.hyphenator is linked through http, so the page is reported as partially encrypted. It will probably chase us in nightmares.
Feb 26 2014