Re: [LUG] Security - HTTPS

 

On 08/04/14 15:47, bad apple wrote:
> 
> To obtain your SSL cert, ignore anyone who might suggest using a
> freebie, but recognised by most default browser CA stores, cert from
> people such as startssl.com. These are all guaranteed to be escrowed to
> agencies for your protection (google away if you like, startssl are an
> Israeli outfit long suspected of Mossad/NSA collusion).

In defence of StartSSL there is surprisingly little up-sell.

Whilst if anyone is going to manipulate a certificate authority in
Israel, Mossad is going to be a prime contender, if you suggest an
alternative provider covered by the Patriot Act I'm going to pull
your leg ruthlessly.

Besides, unless you do some sort of pinning or stapling, will folk even
notice who sold you out, or will it matter if it is the same provider
issuing a different certificate, or a different CA issuing a bogus
certificate (they don't have your private key)? So you might as well go
with the cheapest competent provider.


-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq