On 7/28/2013 5:33 PM, Tom Metro wrote:
> Bill Horne wrote:
>> ...we're talking about putting up a "donations" page, and that means
>> using SSL.
> Not necessarily. You can outsource that to PayPal or Amazon, both of
> which offer a turn-key payment collection system that runs on their
> secure servers, which can be linked to from a non-secure page.

I suspect that most potential donors would /rather/ have a "neutral third party" handle it, but I don't know for sure.

>> I want to know where I can get one for less.
> Dreamhost (http://www.dreamhost.com/) charges $15/year for certs, but
> that offer seems to be available only to their customers that host sites
> with them.

Since our site is /on/ Dreamhost, that's /really/ nice to know. They might want us to buy a shopping cart, though, but it's a good place to start.

> StartSSL (http://www.startssl.com/) starts at free, and goes up to about
> $70/year for an extended validation cert. (I've used them for email certs.)

I'll check them out.

>> I need a certificate from someone who's already in /EVERY/ browser...
> A forum posting from 2010 where someone attempted to catalog the
> browsers and other things that support StartSSL:
>
> https://forum.startcom.org/viewtopic.php?f=15&t=1802
>
> And:
> http://en.wikipedia.org/wiki/StartCom#Trustedness
>
>   In contrast to CAcert.org, which also offers free Class 1 SSL
>   certificates, the StartSSL certificate is included by default in
>   Mozilla Firefox 2.x and higher, in Apple Mac OS X since version 10.5
>   (Leopard), all Microsoft operating systems since 24 September 2009,
>   and Opera since 27 July 2010. Since Google Chrome, Apple Safari and
>   the Internet Explorer use the certificate store of the operating
>   system, all major browsers include support for StartSSL certificates.

I didn't see them in Chrome's certificate list, but it might be under a different name.

>> ...I don't care if I use a company in South Africa or one in Beijing...
> How about the Hong Kong Post Office[2]? :-) (Not sure what they charge.)
>
> 2. http://www.hongkongpost.gov.hk/product/ecert/apply/certapply.html

As long as they're in the certificate list, I'm interested.

>> I only care if the users see a lock icon.
> Sadly, the whole SSL cert model is only as strong as the weakest
> certificate issuer that has widely deployed root certificates. No
> end-user is scrutinizing issuers and rejecting certs based on that. As
> long as the issuer does a good enough job to avoid the browser/OS
> vendors from kicking out their root cert, little else matters.

Bruce Schneier pointed out a while ago that what enables e-commerce isn't SSL, but simply the $300 statutory limit on credit-card fraud damages. PKI is, and always will be, 90 percent procedure and ten percent technology, and even though all credit-card thefts I've read about happened when "back office" servers were compromised, people still want to see the lock icon.

Bill

--
Bill Horne
339-364-8487