Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsIT Pro and developersLet's Encrypt - free https certificates - Mozilla deprecating http


14640 posts

Uber Geek
+1 received by user: 2722

Trusted
Subscriber

Topic # 171919 5-May-2015 14:09
Send private message

Mozilla is planning on restricting the functionality of unencrypted http sites (more here direct from Mozilla), only giving full functionality to https sites. This will be another nail in the coffin of Firefox IMHO, all it means is even the less trustworthy websites will have https in future. It really adds very little to security that your link is encrypted, given the low chance of interception, though perhaps the browsers apply more stringent security policy to https sites.

That led me to the website Lets Encrypt. Later 2015 this site will provide free certificates to enable https on websites. It's supported by Mozilla, Akamai, Cisco, The EFF, so should be successful. You can get certificates for $10 or less already, and may be able to get free certificates (though they didn't work for me), but this will increase adoption. One key factor is shared hosting, who may charge a fee for each website hosted, or make it difficult / impossible to install the certificates. All in all though Lets Encrypt seems like a positive move.

Create new topic
483 posts

Ultimate Geek
+1 received by user: 286

Trusted

  Reply # 1298418 5-May-2015 14:14
Send private message

StartSSL will also do free SSL certs, but that does not imply that the client browsers all have the CA installed and hence trust it.

14724 posts

Uber Geek
+1 received by user: 1987


  Reply # 1298420 5-May-2015 14:16
Send private message

Many shared hosts at the bottom end of the market don't let you install a SSL unless you move to a larger plan. Most will also charge for a dedicated IP, and they can cost an extra $10 per month per site. Basic brochure websites shouldn't need https. Even many shopping cart websites are just http, and this includes at least one of the major SAAS shoping cart providers. Google do apparently rank https websites higher than http ones already, so that should be enough.

 
 
 
 


2091 posts

Uber Geek
+1 received by user: 849


  Reply # 1298421 5-May-2015 14:17
Send private message

roobarb: StartSSL will also do free SSL certs, but that does not imply that the client browsers all have the CA installed and hence trust it.

Which makes them almost worthless.

14724 posts

Uber Geek
+1 received by user: 1987


  Reply # 1298422 5-May-2015 14:18
Send private message

I though cloudflare also offered free SSLs.



14640 posts

Uber Geek
+1 received by user: 2722

Trusted
Subscriber

  Reply # 1298423 5-May-2015 14:22
Send private message

HTTPS has two advantages, authentication that you're sending information who you think you are, and encryption of that information. Free and low cost certificates only do the latter.

CloudFlare does do free SSL/HTTPS, using what's effectively a massive wildcard certificate, and it relies on modern browsers to support the way it works (Server Name Indication). I have one custom written website that uses it that it works automatically on, but I found it quite problematic to get working with Wordpress, and in the end gave up.

483 posts

Ultimate Geek
+1 received by user: 286

Trusted

  Reply # 1298424 5-May-2015 14:27
Send private message

wasabi2k:
roobarb: StartSSL will also do free SSL certs, but that does not imply that the client browsers all have the CA installed and hence trust it.

Which makes them almost worthless.


Perhaps, I should have qualified that, the root CA is not on older operating systems, I often do testing with older machines. Modern ones including mobiles seem to recognized StartCom CA. Not all mobile browsers let you easily see the certificate.

What does this tag do
998 posts

Ultimate Geek
+1 received by user: 211

Subscriber

  Reply # 1298463 5-May-2015 15:30
One person supports this post
Send private message

The key advantage of Lets Encrypt is that certs will automatically renew, so it is truly set and forget if all implemented well.
Really should be almost as easy as flipping a config switch. Looking forward to it!

21983 posts

Uber Geek
+1 received by user: 4645

Trusted
Subscriber

  Reply # 1298466 5-May-2015 15:33
Send private message

The problem with SSL on mobiles is the crap user experiance that you get on cert failures. I can only see this making it worse with people just pressing "continue" on warnings about secure connections not being established when these dodgey certs pop a warning up.




Richard rich.ms

14724 posts

Uber Geek
+1 received by user: 1987


  Reply # 1298474 5-May-2015 15:40
Send private message

Unless Apple do this first, I can't see Mozilla doing it. If they do, people will just switch to other browsers. I would say many websites on the net are published and are then never touched, so you do have a lot of very old websites on the net. Many are just static so pose no security issue. Even if websites do have encypted form, many are sent unsecurely via email. I think a bigger risk is hacked CMS's and malware that gets injected into those site. I often see old wordpress website still running wordpress 3.1 and some even older, which are not secure.

Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Orcon announces new always-on internet service for Small Business
Posted 18-Apr-2019 10:19

Spark Sport prices for Rugby World Cup 2019 announced
Posted 16-Apr-2019 07:58

2degrees launches new unlimited mobile plan
Posted 15-Apr-2019 09:35

Redgate brings together major industry speakers for SQL in the City Summits
Posted 13-Apr-2019 12:35

Exported honey authenticated on Blockchain
Posted 10-Apr-2019 21:19

HPE and Nutanix partner to deliver hybrid cloud as a service
Posted 10-Apr-2019 21:12

Southern Cross and ASN sign contract for Southern Cross NEXT
Posted 10-Apr-2019 21:09

Data security top New Zealand consumer priority when choosing a bank
Posted 10-Apr-2019 21:07

Samsung announces first 8K screens to hit New Zealand
Posted 10-Apr-2019 21:03

New cyber-protection and insurance product for businesses launched in APAC
Posted 10-Apr-2019 20:59

Kiwis ensure streaming is never interrupted by opting for uncapped broadband plans
Posted 7-Apr-2019 09:05

DHL Express introduces new MyDHL+ online portal to make shipping easier
Posted 7-Apr-2019 08:51

RackWare hybrid cloud platform removes barriers to enterprise cloud adoption
Posted 7-Apr-2019 08:50

Top partner named at MYOB High Achievers Awards
Posted 7-Apr-2019 08:48

Great ideas start in Gisborne with hackathon event back for another round
Posted 7-Apr-2019 08:42


Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.