TLS by choice

Over the past couple of days Lauren Weinstein has covered some of the problems of unencrypted web traffic. The example he gives is Rogers, a national ISP/cable TV conglomerate, interfering with users’ use of Google. What Rogers is doing in this case is annoying and arrogant, but fairly benign. It does clearly show what they’re capable of, though.

Today he makes a good point about self-signed certificates. This is interesting to me because I recently moved to a VPS so I could be in control of such things, and I made sure to get a few extra IP addresses to make sure I could do a couple of flavours of TLS when the time came.

Today I was reading up on how to generate self-signed certs (the openssl command-line tool has never been a strong point of mine) and came across CAcert, which provides some of the benefits of a commercial certificate with none of the cost and only a small amount of the hassle.

The result for now is that I can get six-month TLS certificates with CAcert vouching for my identity. If I go to some identity-verification parties I can collect points and eventually get up to a two-year term on a certificate, but I probably won’t. I haven’t read up on how they avoid people gaming the system at these events, but I’ll bet it isn’t hard. I’ll just stick with my six-month certs for now, and when I start selling my prints I’ll pony up the money for a commercial certificate for that and keep going with the six-month certs for the sites where no money changes hands.
