SSL certificates. Costly things, right? A nightmare finding a free one. And when you do find one, they're either trials (StartSSL is only free for a year) or not out yet (AlphaSSL's free SSL service, which isn't out yet and whose URL I forget). And if you've heard of CACert, they require ID and other stuff like that. Not everyone has (or is willing to give) what they're asking for. Like those little kiddies who're joining the website-making craze. Anyway, the solution is a simpler SSL CA. Simpler for developers. Simpler for users. So, /endadvert. What this will consist of is:
-A VPS with lighttpd, PHP, MySQL, etc. (and OpenSSL for cert generation) (probably from Host1Free, but if HullBreach would kindly give us some server time that'd be nice)
-A root CA certificate
-A GitHub repo
-Dedicated volunteers
Now, you might think it's insecure. So, here's what we'll do. You know those lovely bright green bars with a company's name on them (which means highly trusted)? They require EV (Extended Validation) certificates, which we will review applications for manually, by hand. So if you see a green bar saying "DSiPaint", for example, and DSiPaint uses OpenCert, you know that site has been manually reviewed.
So, what do you think? Good idea? I'd like to ask the following awesome guys to help out:
HullBreach
GuitarBoy
Skittles
and you! If you want to help (and you're not on the list, duh) just message me here, or email me at j005a [@] outlook [.] com with the subject being "OpenCert Dev Application". Include a portfolio and your username here, programming languages you know and why you want to help. So, cya web devs. Byyyyyye!
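As an added example (this is not code from the original post or from the OpenCert project), here is what the "root CA certificate" plus "OpenSSL for cert generation" pieces above look like as a working two-tier CA: an offline root that only signs an intermediate, an intermediate that signs server certificates, and the verification checks a browser or `openssl verify` would apply. The organisation name, the hostname `ocert.example.test`, the key sizes and the lifetimes are assumptions made for the example. It also shows two things that must fail: a leaf presented without its intermediate, and a leaf certificate being used to sign another certificate (blocked by `basicConstraints = CA:FALSE`).

```shell
#!/bin/sh
# Added example: a two-tier "OpenCert"-style CA built with the openssl CLI.
# The root key signs only the intermediate; the intermediate signs server
# certs. Names, hostname and lifetimes are assumptions for the example.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
CNF="$WORK/openssl.cnf"

# Minimal config. The dn section is a placeholder (subjects come from -subj);
# the v3_* sections hold the extensions that make a cert a CA or a leaf.
cat > "$CNF" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = placeholder
[ v3_root ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[ v3_intermediate ]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
[ v3_server ]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:ocert.example.test
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
EOF

newkey() { openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1" 2>/dev/null; }

build_ca() {
    # 1. Self-signed root. In real use root.key lives offline.
    newkey "$WORK/root.key"
    openssl req -new -x509 -key "$WORK/root.key" -days 3650 \
        -subj "/O=OpenCert/CN=OpenCert Root CA" \
        -config "$CNF" -extensions v3_root -out "$WORK/root.pem" 2>/dev/null
    # 2. Intermediate signed by the root; pathlen:0 means it may only sign leaves.
    newkey "$WORK/inter.key"
    openssl req -new -key "$WORK/inter.key" -subj "/O=OpenCert/CN=OpenCert Issuing CA" \
        -config "$CNF" -out "$WORK/inter.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/inter.csr" -CA "$WORK/root.pem" -CAkey "$WORK/root.key" \
        -CAcreateserial -days 1825 -extfile "$CNF" -extensions v3_intermediate \
        -out "$WORK/inter.pem" 2>/dev/null
    # 3. Server cert for the assumed hostname, signed by the intermediate (SAN set in v3_server).
    newkey "$WORK/server.key"
    openssl req -new -key "$WORK/server.key" -subj "/CN=ocert.example.test" \
        -config "$CNF" -out "$WORK/server.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/inter.pem" -CAkey "$WORK/inter.key" \
        -CAcreateserial -days 365 -extfile "$CNF" -extensions v3_server \
        -out "$WORK/server.pem" 2>/dev/null
}

# Full chain: the root is the trust anchor, the intermediate is supplied
# as "untrusted" exactly as a web server would send it in the handshake.
verify_chain() {
    if openssl verify -CAfile "$WORK/root.pem" -untrusted "$WORK/inter.pem" \
        "$WORK/server.pem" >/dev/null 2>&1
    then echo OK; else echo FAIL; fi
}

# Same leaf without its intermediate: no path to the root, so it must fail.
verify_without_intermediate() {
    if openssl verify -CAfile "$WORK/root.pem" "$WORK/server.pem" >/dev/null 2>&1
    then echo OK; else echo FAIL; fi
}

# A leaf holder trying to issue certificates: CA:FALSE on server.pem makes
# the path invalid even though the signature itself is mathematically fine.
verify_leaf_as_issuer() {
    newkey "$WORK/rogue.key"
    openssl req -new -key "$WORK/rogue.key" -subj "/CN=rogue.example.test" \
        -config "$CNF" -out "$WORK/rogue.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/rogue.csr" -CA "$WORK/server.pem" -CAkey "$WORK/server.key" \
        -CAcreateserial -days 365 -extfile "$CNF" -extensions v3_server \
        -out "$WORK/rogue.pem" 2>/dev/null || true
    if openssl verify -CAfile "$WORK/root.pem" -untrusted "$WORK/inter.pem" \
        -untrusted "$WORK/server.pem" "$WORK/rogue.pem" >/dev/null 2>&1
    then echo OK; else echo FAIL; fi
}

build_ca
echo "full chain:           $(verify_chain)"
echo "missing intermediate: $(verify_without_intermediate)"
echo "leaf used as issuer:  $(verify_leaf_as_issuer)"
```

The two failing cases are the ones that matter for a CA run by volunteers: the first shows why a server must serve its intermediate (or users must install it), and the second shows that the extensions on the issued certificates, not the manual EV-style review on its own, are what stop a customer's key from being used to issue certificates for someone else's site. Nothing here is trusted by a browser until the root is imported into its store, which is the separate problem the thread mentions for Firefox.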
I'd be glad to host it on znc.wolfmitchell.com, provided it does not take my 200GB of bandwidth
@jsa005
21 Mar 2013 09:38
In reply to wolfmitchell
Great! Although, could you change it from znc.wolfmitchell.com to ocert.wolfmitchell.com please? Here's all we need:
-OpenSSL
-SSH (please)
-FTP (it makes my life so much easier, if not then SFTP will do OK)
-PHP
Add me
SSL certs are a pain. They give me a headache just to use with all the private keys, public keys, encapsulations, chaining, authorities, roots, personals, intermediates, organization units, etc., etc., etc.
For the non-technical in the audience, here is the economic premise behind certificates:
A company's business-savvy nerds think "Hey, let's become an authority on who is good and who is bad!" How is this done?
Well, they toss large amounts of bribe money at browser and operating system vendors to pre-install their root authority designators. Then these companies make large sums of money by selling "authorized" encryption files, called certificates, that reference their bribes as nice, green, padlocked address bars on the websites of people who fall for these bribes, to give those visiting the websites a false sense of safety.
In reality, anyone can be a certificate authority, but not anyone has US$100,000 to bribe browser and operating system makers. Banks and companies that do private communication will provide these self-signed authority files for those using their services to manually install in their browsers and operating systems to give the touchy-feely green padlock.
You are no more or less safe using a bribery authority or uncle Joe's Linux cloud authority. It all depends on the level of encryption, or on whether someone is able to get hold of the encryption key (as has been done with the bribery authorities).
The only reason names like Verisign, GoDaddy, Thawte, Digisign, COMODO, or AOL, seem like trustworthy companies is that they bribed someone to make you think they are.
The idea of this is that it's free, and we hopefully get it in Firefox (Chrom[e/ium] wouldn't really work since it uses the OS cert store, but anyway)