[Xastir] https server is now operational

eric at christensenplace.us
Wed Jun 25 10:44:41 EDT 2014



On 2014-06-25 10:37, Jason KG4WSV wrote:
>> On Jun 25, 2014, at 9:32 AM, "Eric H. Christensen" 
>> <eric at christensenplace.us> wrote:
>> 
>> Unfortunately a self-signed cert can't protect against MITM attacks 
>> until that certificate is downloaded (how can you know that you have 
>> downloaded the correct cert?).  You can get a CA to sign the 
>> certificate for around $10 from ssls.com.  Also, the cert doesn't 
>> support www.xastir.org which can be problematic.  I'd also suggest 
>> signing the key with at least SHA256 instead of SHA1.
>> 
>> Also, it appears that the server supports EXPORT cipher suites.  I'd 
>> recommend just supporting HIGH ciphers.
> 
> Dude, this is protecting a wiki password from spammers; it isn't your
> bank account or anything.

Hmm...  I suspect this is all about perception.  People expect a certain 
amount of protection when they see a TLS-secured website.  As someone 
who has to work with all kinds of websites it's important to do things 
correctly.  If not, then why do it at all?  Also, this is *not* going to 
protect you from spammers.

--Eric
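The three configuration points raised in the quoted message (a certificate that does not cover www.xastir.org, a SHA-1 certificate signature, and EXPORT cipher suites) turned into a small checker. This is an added example, not code from the thread or the Xastir project: the certificate and cipher inputs are constructed to mirror the server as described, in the dict shapes Python's `ssl.getpeercert()` and `SSLContext.get_ciphers()` return, and the signature algorithm is passed in as a string because `getpeercert()` does not expose it.

```python
import ssl

# Constructed inputs mirroring the server described in the thread (not real data):
# a self-signed cert for xastir.org only, in the dict shape ssl.getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("commonName", "xastir.org"),),),
    "issuer": ((("commonName", "xastir.org"),),),
    "subjectAltName": (("DNS", "xastir.org"),),
}
# Constructed cipher list in the dict shape ssl.SSLContext.get_ciphers() returns.
SAMPLE_CIPHERS = [
    {"name": "ECDHE-RSA-AES256-GCM-SHA384", "strength_bits": 256},
    {"name": "EXP-RC4-MD5", "strength_bits": 40},
]

def san_covers(cert: dict, hostname: str) -> bool:
    """True if hostname matches a DNS subjectAltName exactly or via a one-label wildcard."""
    host = hostname.lower()
    for kind, name in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        name = name.lower()
        if name == host:
            return True
        if (name.startswith("*.") and host.count(".") == name.count(".")
                and host.endswith(name[1:])):
            return True
    return False

def audit_tls(cert: dict, sig_alg: str, ciphers: list, hostnames) -> list:
    """Return findings for the issues raised in the thread: SAN coverage, trust chain, signature hash, weak ciphers."""
    findings = []
    for h in hostnames:
        if not san_covers(cert, h):
            findings.append(f"certificate does not cover {h}")
    if cert.get("issuer") == cert.get("subject"):
        findings.append("certificate is self-signed (no CA trust chain)")
    if any(weak in sig_alg.lower() for weak in ("sha1", "md5")):
        findings.append(f"weak signature algorithm: {sig_alg}")
    for c in ciphers:
        if c["name"].startswith("EXP") or c["strength_bits"] < 128:
            findings.append(f"weak cipher suite enabled: {c['name']}")
    return findings

def high_only_ciphers() -> list:
    """Cipher list a server restricted to HIGH would offer, evaluated by the local OpenSSL (offline, no connection)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers("HIGH:!aNULL:!eNULL")
    return ctx.get_ciphers()
```

Run `audit_tls(SAMPLE_CERT, "sha1WithRSAEncryption", SAMPLE_CIPHERS, ["xastir.org", "www.xastir.org"])` to see all three complaints reproduced; `high_only_ciphers()` shows what the recommended HIGH-only list leaves enabled.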
