[Novalug] Displaying Clean Web Pages

Theodore Ruegsegger gruntly@gmail.com
Fri Dec 4 14:14:57 EST 2009


Peter Larsen wrote:
> I fail to see the value of encryption without the validation?

Since you presented this as a question, my answer is yes, you fail to
see the value. ;-)

An example that comes to mind is a website inside an organizational
intranet (i.e., behind a firewall), where we want to authenticate
users and encrypt traffic but perceive the risk of a site hijack to be
acceptably small. Granted, this isn't the focus of your original rant,
namely Internet-facing "open source" sites, where authenticating the
site likely matters a lot.

> To me they're both required if I'm supposed to send sensitive information over the wire. If the site only worries about login credentials, that can be solved better without the use and implementation of SSL.

Interesting. How?

> http://www.earthtimes.org/articles/show/thawte-to-offer-free-ssl,1028851.shtml

That's certainly nice of Shuttleworth! Do you happen to know how easy
it is to get approved for this service? Can anyone with an "open
source" application and a website get a free cert? Could tux.org, for
example?

Ted



More information about the Novalug mailing list