Re: ssl (23/10/17 22:44:04)
This *is* good. Although you should keep in mind, that TLS is only as strong an encryption as the ciphers and hash-algos you use.
The not as good side is that all websites need to:
-spend money on certificates.
Nope. Unfortunately StartSSL damaged the field very bad. But there's still https://letsencrypt.org" and cacert.org. Most unfortunately, the latters are not welcomed by the major browsers. Letsencrypt, though, *is*. So you do have free certificates at your hands. Most professional web hosting companies do offer comparably cheap "professional" certificates as well.
-reveal their identity
Why? When you order an TLS certificate, you can create your own CSR. What information you put into that request, is your choice.
-or spend more money on hiding their identity.
( Roll back the clock to '95. There wouldn't be Fravia - at least not for long.)
IBTD. Especially Fravia would have found enough people helping out. Ever searched whois for the different domains you could then use to get access to his website?
"CAA creates a DNS mechanism that enables domain name owners to whitelist CAs that are allowed to issue certificates for their hostnames. It operates via a new DNS resource record (RR) called CAA (type 257). Owners can restrict certificate issuance by specifying zero or more CAs; if a CA is allowed to issue a certificate, their own hostname will be in the DNS record."
Hadn't seen this before. Will have to read up.
|back to main board||expand thread|