Jason Airlie's Blog » General

SSL is holding back encryption on the Web

Jason — Tue, 26 Oct 2010 17:33:48 +0000

I have combined below 2 of my comments on a blog post over at http://www.owlfolio.org/htmletc/more-ssl-errors/ . I post them here as my own permanent copy.

Please stop treating self signed certs as worse than no security! I still can not understand why Mozilla treats a small increase in security as if it were a massive decrease. Give self signed certs equal status as no security.

First of all, don’t let people use self-signed. Really, just don’t. Their is no need for that.

You may not have a need but I do. This stubborn insistence on forcing encryption to be locked with identity verification has crippled the use of encryption on the web. Yes I understand the importance of the combination, but SSH handles the problem properly. The Perspectives extension takes the SSH model and adds another level of protection.

SSL certs are too much of a pain to get, setup and maintain. Small admin mistakes cause scary looking errors for end users, often when no actual problem exists.

If I use a self signed cert on my own website, I know I can trust it, I don’t need someone else to vouch for me! I can handle adding the cert in my browser, but my Wife and family get freaked out and the end result is we must teach them to ignore the error, or not use encryption. Not exactly the ideal outcome.

Yes MITM happens, but it’s not exactly common. The Perspectives extension is one better way to handle it.

Encryption without authentication is not useless, far less valuable, but not useless. As long as I continue to see the same cert, I don’t need anyone else to ‘authenticate’ my site for me! The same goes for the internal site I setup for work. When I tell people “this is our intranet web site”, I am vouching for the authenticity of the site. No one else need get involved.

If I can be certain that the Amazon.com website is presenting me with the same cert it has presented me with the last 50 times I went there, I can be reasonably confident that it is the real Amazon.com. If I know other people elsewhere are seeing the same cert I can be even more confident.

Phone as desktop replacement

Jason — Sat, 22 Aug 2009 16:18:10 +0000

As more and more people replace desktops with laptops. I wonder what will happen when smart phones start to be powerful enough for most of our computing needs. Will phones replace the laptop and the desktop? Add a docking station for a full size monitor and keyboard and some of the phones out now could almost be good enough.

1and1 can be really stupid.

Jason — Wed, 13 May 2009 23:59:11 +0000

First let me say that I like 1and1. I have hosted all my websites with 1and1 for several years now and have had only minor issues.

When I first signed up with 1and1 I created 2 separate packages, they were both associated with the same account. One for my personal sites and one for all of Camp Dixie’s sites. At the time it seemed like it might be important to have some separation between Camp Dixie’s official sites like CampDixie.org and CampDixie.net that Camp Dixie owned and unconnected or unofficial sites like OpenSourceList.org and CampDixieAlumni.org that I owned.

Eventually I decided that I could still have that seperation with out having sperate hosting packages so I decided to move all the domains to one package.

This is where it gets stupid.

If I were transferring a domain, say JasonAirlie.com from one web host to another, I could leave the hosting active at the old host and start it at the new. As the DNS changes for JasonAirlie.com propagated some people would see the site at the old host, some at the new host. There would be no downtime, email would not bounce, search engines would have no problem finding my site and the transition would be relatively painless.

Since both domains are hosted at 1and1, under the same account but separate packages, to move a site from one package to another I would have to delete the domain from one hosting package, wait for the change to become final, 1-2 days, and then recreate the domain on the other package. During all that, my website would be inaccessible and email would bounce. Staying with 1and1 would be more painful than moving to another web host. The reason for this is obviously a technical limitation of their system. However allowing this limitation to remain gives customers a large incentive to take their business elsewhere.

So I will be slowly moving all my domains to Dreamhost.

Weave is awesome

Jason — Fri, 11 Jul 2008 14:51:47 +0000

Weave, an addon for Firefox that syncs bookmarks, passwords, cookies, and the like, is very awesome. It is still in an early testing phase, and thus subject to the occasional hiccup, but when it works properly it can be quite handy. With the possiblity of it someday being able to sync other things, like plugins, browser settings, and plugin settings. It could soon be even cooler.

Back from Camp Dixie

Jason — Mon, 23 Jun 2008 20:29:13 +0000

Just got back from Camp Dixie. I spent to wonderful weeks up there. I am tired and a bit worn out but nothing a night or 2 of rest and readjusting to my work schedule won’t fix.

Stupid spammers

Jason — Mon, 02 Jun 2008 20:16:34 +0000

17500 email messages today, mostly spam backscatter. Magic Mail Monitor to the rescue! I was able to quickly delete ~ 17000 messages.

Wiki plugin wanted

Jason — Fri, 30 May 2008 17:32:50 +0000

I want a Firefox add-on that will let me cache select Wikipedia pages for offline reading, and automatically update the cache as needed.

Oh and work with my intranet TikiWiki as well.

Email swamped

Jason — Wed, 28 May 2008 12:41:16 +0000

So, some spammer decided to use one of my domains as the return address on their latest spam run, so I got stuck with the backscatter. 7435 messages this morning. Whee.

Wii friends?

Jason — Tue, 30 Jan 2007 20:56:04 +0000

Anyone out there want to share Wii numbers?

It’s about time I write something here

Jason — Tue, 08 Aug 2006 17:50:03 +0000

But not today.