free
/
freedomboneeee
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Change advice on self-signed certs

This commit is contained in:
Bob Mottram 2016-10-28 23:39:06 +01:00
parent a66c124fb3
commit 5c7ee5bf28
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
doc/EN/faq.org
View File

@ -285,10 +285,12 @@ ssh username@mydomainname -p 2222
Select /Administrator controls/ then *Security settings* then *Create a new Let's Encrypt certificate*.
* Why use self-signed certificates?
Almost everywhere on the web you will read that self-signed certificates are worthless. They bring up /scary-scary looking/ browser warnings and gurus will advise you not to use them. Self-signed certificates are quite useful though. What the scary warnings mean - and it would be good if they explained this more clearly - is that you have an encrypted connection established but there is /no certainty about who that connection is with/.
Almost everywhere on the web you will read that self-signed certificates are worthless. They bring up /scary-scary looking/ browser warnings and gurus will advise you not to use them. Self-signed certificates are quite useful though. What the scary warnings mean - and it would be good if they explained this more clearly - is that you have an encrypted connection established but there is /no certainty about who that connection is with/. They probably will protect the content of your communications from passive bulk interception - such as the tapping of under-sea cables.
The current strategy on this system is to typically create self-signed certificates during the initial installation but also to have the ability to easily convert those to LetsEncrypt certificates via the security settings on the administrator control panel.
You might say, /"but surely LetsEncrypt is a single point of failure!"/, and you'd be right. Maybe at some point in future LetsEncrypt is no longer a thing, or no longer considered sufficiently secure. That's why building in total dependence upon one organisation is a bad idea, and it's still possible to have self-signed certs as a fallback option.
* Why not use the services of $company instead? They took the Seppuku pledge
[[https://cryptostorm.org/viewtopic.php?f=63&t=2954&sid=7de2d1e699cfde2f574e6a7f6ea5a173][That pledge]] is utterly worthless. Years ago people trusted Google in the same sort of way, because they promised not be be evil and because a lot of the engineers working for them seemed like honest types who were "/on our side/". Post-[[https://en.wikipedia.org/wiki/Nymwars][nymwars]] and post-[[https://en.wikipedia.org/wiki/PRISM_%28surveillance_program%29][PRISM]] we know exactly how much Google cared about the privacy and security of its users. But Google is only one particular example. In general don't trust pledges made by companies, even if the people running them seem really sincere.
* Why does my email keep getting rejected as spam by Gmail/etc?