X.509 certificates for https://gnupg.org [was: Re: Another step towards crowdfunding]

Micah Lee micah at micahflee.com
Tue Dec 17 04:05:20 CET 2013


On 12/16/2013 12:35 PM, Daniel Kahn Gillmor wrote:
> Regardless of how you feel about the CA cartel in general, StartSSL is
> not the only member of the cartel offering gratis certs, particularly
> for well-known free software projects 

Oh interesting, I didn't realize there were other CAs that give gratis
certs. I don't think it matters at all what CA is used as long as
browsers trust it, and I only suggested StartSSL because it's less scammy
when it doesn't cost money.

I hope some day one of the decentralized trust solutions takes over CAs.

But on the topic of improving the HTTPS support on gnupg.org, I think
torproject.org is pretty much an ideal example. They serve binaries of
Tor Browser Bundle from https://www.torproject.org/ and have been
attacked by governments all over the world, so they've put a lot of time
and energy in doing things right. I'd like to see GPG have just as good
web security.

(And for that matter, why do I have two cookies in my browser that
gnupg.org set? _pk_id.1.9e41 and _pk_ses.1.9e41 -- the id one is a
unique id, which means it can be used to track my movements through that
domain even if I switch IPs.)

-- 
Micah Lee
