News | Forum | People | FAQ | Links | Search | Register | Log in
Site Help
This is the forum to ask questions about this website, report things that are broken, request features, etc.

Be sure to check out the FAQ as well.
First | Previous | Next | Last
Seconded 
Drunken Scampie from like 9 years ago agrees too:
http://www.celephais.net/board/view_thread.php?id=23795&start=892&end=892

I was mad he changed my 'Other Games' thread to 'Other PC Games'. Go read the first 800 so posts, it's very much about all games. He only got away with it because I stepped down as mod year or so before that and thus couldn't fix my thread. 
 
Yeah I agree with those ideas 
Spirit. 
What ARE you waffling on about now? 
 
http://www.celephais.net/board/view_thread.php?id=61253

Next time I will look at the news section and post my maps there.. 
And? 
Get a sense of humour you choad. It's hardly secret editing. 
 
It SHOULD be tagged with a "- Moderator" or something. I don't think that's unreasonable. 
BTW. 
Sorry I SECRETLY EDITED the news post to put in the precious .zip link :P 
Quoting A Url 
http://celephais.net/board/ 
 
Let's Encrypt is public and incredibly easy get a cert with via https://gethttpsforfree.com/

Would be great if func got HTTPS. 
 
what is the point of https unless you are doing things that need to establish encrypted comms? 
 
Why would you want to let state surveillance track all our behaviour and communications online? Why should shady agencies be invited to know what you are reading?

It's none of their business. Everything should be encrypted. 
 
We need a tinfoil hat emote too. Please add one for us NSA. 
 
i'm surprised it's a free service, since normally the price you're paying for a certificate is the security that the key is stored in. 
 
I'm open to this but sleepwalkr would have to do the actual setup, since i don't have access to install this kind of stuff AFAIK.

P.S. one obvious use for https is that you send your password over the internet when you log in (and after that you send a hashed password with every page request.) Asssuming you don't use your func password for any other website it's not a huge risk but still, why not make it more secure? 
 
One reason to care about https is that Google cares when listing search results: http://googlewebmastercentral.blogspot.com/2014/08/https-as-ranking-signal.html 
Necros 
It's a joint effort by Mozilla, the EFF and others to make global HTTPS an easier target to reach. The private key nevers leaves your own infrastructure in any sane procedure.

Expensive certs might have more validation, LE is "just" domain based. You show that you control "quakewiki.org" and they sign your cert for it. "Blue" certs require more proof of your identity but are not necessary unless you are transferring actually sensitive data like money.

Any CA can be breached or made accomplice in MITM.

Scampie: Did you miss the last 2 years of news? 
Necros 
It's a joint effort by Mozilla, the EFF and others to make global HTTPS an easier target to reach. The private key nevers leaves your own infrastructure in any sane procedure.

Expensive certs might have more validation, LE is "just" domain based. You show that you control "quakewiki.org" and they sign your cert for it. "Blue" certs require more proof of your identity but are not necessary unless you are transferring actually sensitive data like money.

Any CA can be breached or made accomplice in MITM.

Scampie: Did you miss the last 2 years of news? 
OMG NSA STOP REPLAYING MY PACKETZ! 
 
 
Wouldn't this have to come with a bunch of other changes as well? If you don't have to log in to see the content, what good is encrypting anything?

I admit to ignorance on this, I just don't see how it stops bots from skimming the text... 
 
Nah, that's a different thing. Func is a public forum.

Jere the encryption would make sure that your login data is transmitted safely and that no one knows what you _read_.

There is nothing sensitive at func but we should strife to make privacy the norm. 
Oh No 
the govorment stealing mah quakes 
 
getting a bit hazy on these details, but aren't public keys built into browsers? if anyone can gets certs, these will go into the browsers as well? 
Public Keys 
The public keys are, as the name suggest, public. They don't need to go into the browser because the server will transmit them to anyone who requests them.

If you request the public keys for a server, there are two questions of trust at stake.

1. How do I know that the person who sent me this public key has the private key to go with it? (Threat: an attacker could get the public key and then relay it to you.)
2. How do I know that this public key belongs to the server I want to talk to? (Threat: an attacker could send you details of a different public key which they have the private key for)

The first question is answered by a challenge-response system - you ask your counterpart to encode a random message using the private key, and check that the public key unlocks it.

The second question is answered by having a trusted party sign the key. This works a bit like our challenge-response, but the encrypted message is hard coded, and unlocks using the public key of a trusted party. In this case, the trusted party will be letsencrypt, and it's their public key which gets built into your browser or operating system. The hard-coded message should decrypt to say that "this key is valid for that server", and you don't trust it if it says anything else.

So then, you might reasonably ask, if letsencrypt will give anyone a certificate, what stops an attacker from getting their own key signed to work on somebody else's server? The reason that doesn't work so easily is that letsencrypt will give the certificate to anyone, so long as they can prove they control the server. This usually involves uploading a specific file to a location specified by letsencrypt - you only get a signature once you meet this challenge. 
"You're Privacy Is Literally Raped :^)" -Edward Snowman 
 
 
"Your" 
First | Previous | Next | Last
You must be logged in to post in this thread.
Website copyright © 2002-2024 John Fitzgibbons. All posts are copyright their respective authors.