10-24-16 05:33 PM
31 12
tools
  1. joeragan's Avatar
    Thanks for the app, Martin!

    Posted via my Z30STA100-2/10.3.2.2876
    10-09-16 05:38 PM
  2. Webbeh's Avatar
    I, for one, sure as hell don't want to see Let's encrypt and similar free certificate authorities listed in my root trust store.

    The CA industry is flawed in pretty much any imaginable way already, with the most notable examples of Diginotar and, more recently, StartEncrypt.

    Let's encrypt's validation system, although robust, isn't guaranteed to be perfect. No CA's validation system is, actually.

    ...but at least, due to their price, people would have to invest a lot of money to circumvent the validation system of other CA.
    It's not the case anymore.

    Posted via CB10
    10-10-16 06:51 PM
  3. Leo J's Avatar

    You also seem to be less than impressed by the system, why then do you suggest trusting a certificate from a site provisioned by let's encrypt without even using the CA, since as you suggest that could lead to trusting a certificate from a site that has been "back doored".
    I do it this way, but only for websites that don't require me to give up any information. So, if a blog or a news site I want to read uses Let's Encrypt, then I'll just go ahead and allow it. But if my online banking started using Let's Encrypt, then I'd probably switch banks. Luckily this will probably never happen.
    10-24-16 06:24 AM
  4. Webbeh's Avatar
    There are news about this topic.

    WoSign and StartCom/StartSSL are now distrusted from Mozilla's root trust store for a period of one year.

    Certificates generated after the 21st of October 2016 (that is : 3 days ago) will not be supported by Mozilla products, and it's pretty sure that others will follow.

    I am using StartSSL domain validated certificates, and I didn't know that WoSign owned Startcom since the end of 2015. But it explains a lot of problems and downtimes I've had with them.

    This update shows that we shouldn't trust CA's blindly.

    There are details about this here :
    https://docs.google.com/document/d/1...=h.i3mmrrue73l
    10-24-16 08:18 AM
  5. Richard Buckley's Avatar
    I do it this way, but only for websites that don't require me to give up any information. So, if a blog or a news site I want to read uses Let's Encrypt, then I'll just go ahead and allow it. But if my online banking started using Let's Encrypt, then I'd probably switch banks. Luckily this will probably never happen.
    You may already know this, but for people who don't:

    Let's encrypt only provides Domain Validation Certificates. That only assures a visitor that the entity that controls the site requested the certificate. If that entity is criminal or a hacker a domain validation certificate will not protect you.

    You should not do any commerce or sensitive transactions on-line unless the site has an enhanced validation certificate. At least until DNSSEC is fully rolled out and we can put this whole CA mess behind us.

    LeapSTR100-2/10.3.2.2876
    10-24-16 11:34 AM
  6. Webbeh's Avatar
    And for those who don't understand those terms :

    Let's encrypt allows anyone to secure their own domain, even hackers. That's why you should beware when using your credit card information on the Web. You should only input them on websites that not only have the green URL bar and the lock, but also that have their name besides the URL.

    Adding certificates/trusting them by yourself is fine if you know why the cert wasn't trusted in the first place. And the only viable reason I see is if it's your domain and you self signed the cert.

    Posted via CB10
    10-24-16 05:33 PM
31 12

Similar Threads

  1. It's a good battery day for me!
    By blackbirdy in forum BlackBerry Priv
    Replies: 37
    Last Post: 05-09-16, 09:20 AM
  2. BlackBerry v Jolla or: How Can a Company Fail?
    By ominaxe in forum Armchair CEO
    Replies: 12
    Last Post: 03-01-16, 05:24 PM
  3. What is the best Bluetooth device for the Classic?
    By CrackBerry Question in forum Ask a Question
    Replies: 2
    Last Post: 02-19-16, 02:51 AM
  4. WTB: Red BlackBerry Passport
    By krugbot in forum Buy, Sell, Trade - Sold / Archived
    Replies: 2
    Last Post: 02-17-16, 08:16 AM
LINK TO POST COPIED TO CLIPBOARD