TLS by choice

Over the past couple of days Lauren Weinstein has covered some of the problems of unencrypted web traffic. The example he gives is Rogers, a national ISP/cable TV conglomerate, interfering with its users' use of Google. What Rogers is doing in this case is annoying and arrogant, but fairly benign. It does clearly show what they're capable of, though.

Today he makes a good point about self-signed certificates. This is interesting to me because I recently moved to a VPS so I could be in control of such things, and I made sure to get a few extra IP addresses so that I could do a couple of flavours of TLS when the time came.

Today I was reading up on how to generate self-signed certs (the openssl command-line tool has never been a strong point of mine) and came across CAcert, which provides some of the benefits of a commercial certificate with none of the cost and only a small amount of the hassle.

The result for now is that I can get six-month TLS certificates with CAcert vouching for my identity. If I go to some identity-verification parties I can collect points and eventually get up to a two-year term on a certificate, but I probably won’t. I haven’t read up on how they avoid people gaming the system at these events, but I’ll bet it isn’t hard. I’ll just stick with my six-month certs for now, and when I start selling my prints I’ll pony up the money for a commercial certificate for that and keep going with the six-month certs for the sites where no money changes hands.
