Clinton Ebadi <[email protected]> wrote:
> A short-term solution, at least for signing up new members, would be to
> accept Gandi's offer of a free one year certification, and move the join
> scripts to hcoop.net/join instead of join.hcoop.net. This would at least
> improve the initial impression of hcoop, and costs us nothing. Thoughts?
> I am inclined to just grab the certificate when I renew hcoop.net (I
> think since it doesn't involve money, this falls under authority
> delegated to sysadmin volunteers).

Taking up Gandi's offer actually sounds like a good idea to me. I am also inclined to trust Gandi more than StartSSL, but I must also admit the complete lack of objectivity in my trust.

> If we go with StartSSL, we have to appoint a certmaster who has their
> identity verified ($60/year), and also verify the organization yearly
> (another $60). At that price, it *might* be worth spending $160/year for
> a Gandi wildcard cert, although there are some security advantages to
> issuing separate certifications per subdomain and the StartSSL option
> provides identity information. I am not sure we are actually permitted
> to use a wildcard cert either, since we offer subdomains to members
> freely. Perhaps as long as the cert doesn't include identity
> information? I think a wiki page for discussion is in order (hint hint,
> nudge nudge).

About attaching identity to the cert, I'm not sure it's worth all the money and trouble. Not seeing a big honking warning from the browser would be good enough. :) And if it's cheaper, certs for just the more critical subdomains (members, mail) would be good enough too.

Btw, I started a wiki page.

http://wiki.hcoop.net/HeartBleedAfterMath

It's not even sketchy, and I am sorry about the page URL: turns out I can't rename it or just start a new properly titled page without leaving a dangling one behind. I would be happy if someone could fix that.

Also, the wiki encountered an internal server error when I requested a password reset. It emailed me a reset token anyway, but another internal server error happened when I created a new password. And then it let me use the new password. What's up with that?

-- 
"the lyf so short, the craft so long to lerne." -- Chaucer.
