Can we have encrypted (SSL) HTTPS to the forum

1« Previous thread | Next thread »
- zomzom
- ᵀᴴᴱ'ᴼᴿᴵᴳᴵᴻᴬᴸ
- Ex-Muslim
- offline
Can we have encrypted (SSL) HTTPS to the forum
OP - July 07, 2012, 12:42 PM

Any chance we can get HTTPS connection to the forum, rather then the normal HTTP connection (preferably both), i use HTTPS plug in extension for firefox, called HTTPS everywhere, so alot of my pages are encrypted preventing ISPs snooping. I am kind of paranoid about ISP snooping, and protecting WIFI connections.

Or we can do with a Self Signed SSL certificate. To save money.

Also this will give more protection to those coming into cemb from Islamic countries where ISPs are encouraged to monitor.

How much do you think this will cost to implement, because it would be a good idea to have a quick whip round, am willing to chip in a few pounds...

------

More info in what HTTPS is:
https://www.youtube.com/watch?v=_p-LNLv49Ug

Supplementary: https://en.wikipedia.org/wiki/HTTP_Secure

Left the forum: http://www.councilofexmuslims.com/index.php?topic=22997
- toor
- Administrator
- offline
Re: Can we have encrypted (SSL) HTTPS to the forum
Reply #1 - July 07, 2012, 01:39 PM

SSL is a good idea in theory, but they depend on one trusting the CA. Personally, I've been wary for a while.

Also, an SSL connection is not necessarily sufficient security if you don't check the certs you're using.

Before it gets too late, you will find escape.
- zomzom
- ᵀᴴᴱ'ᴼᴿᴵᴳᴵᴻᴬᴸ
- Ex-Muslim
- offline
Re: Can we have encrypted (SSL) HTTPS to the forum
Reply #2 - July 07, 2012, 02:39 PM

Quote from: toor on July 07, 2012, 01:39 PM
SSL is a good idea in theory, but they depend on one trusting the CA. Personally, I've been wary for a while.

Also, an SSL connection is not necessarily sufficient security if you don't check the certs you're using.

yeah but for this website it would be good, it can have one http connection and one SSL connection, I don't mind accepting a self signed ssl certificate by CEMB, I can trust CEMB if you get what I mean. I think its a good idea and should be implemented. It protects wifi traffic, and prevents ISPs snooping i.e. prevents man in the middle attacks. Which are becoming increasingly common place.

CEMB can sign the cert, we know CEMB isn't going to conspire with the government, so I think it will be a good idea. - this addresses the link you posted to the article. SSL itself is still secure, unless the signing authority is conspiring with the government, so if CEMB sings the certificates itself it takes that out of the equation. Google sings it own SSL certificates.

Left the forum: http://www.councilofexmuslims.com/index.php?topic=22997
- toor
- Administrator
- offline
Re: Can we have encrypted (SSL) HTTPS to the forum
Reply #3 - July 07, 2012, 03:15 PM

Good luck trying to convince people to accept hand-rolled SSL. Any sensible browser would complain about it, and making an exception for it might amount to leaving a footprint of CEMB use (potentially undesirable), although it would be a useful way of spotting that someone's trying to snoop on HTTPS.

Google acts as an intermediate CA, incidentally - Thawte is the ultimate CA for the HTTPS google sessions I've got going.

Before it gets too late, you will find escape.
- zomzom
- ᵀᴴᴱ'ᴼᴿᴵᴳᴵᴻᴬᴸ
- Ex-Muslim
- offline
Re: Can we have encrypted (SSL) HTTPS to the forum
Reply #4 - July 07, 2012, 03:51 PM

Quote from: toor on July 07, 2012, 03:15 PM
Good luck trying to convince people to accept hand-rolled SSL. Any sensible browser would complain about it, and making an exception for it might amount to leaving a footprint of CEMB use (potentially undesirable), although it would be a useful way of spotting that someone's trying to snoop on HTTPS.

Google acts as an intermediate CA, incidentally - Thawte is the ultimate CA for the HTTPS google sessions I've got going.

But can't CEMB just implement HTTPS for those who request it, why not leave default as HTTP, I don't mind that. I also don't mind installing a self signed CEMB certificate in my windows certificate manger. As long as the connection is secure I don't care about the rest.

For example these days its easy to intercept wifi data, anyone can potentially see what I am submitting to CEMB when I am posting on this website. Having a HTTPS is better than not having one at all is my point. I really don't see why anyone would object to it other than on the basis of it takes a bit of time implementing it. Maybe a few hours, so can't be asked doing the work. If those folks who don't want to use HTTPS they can be still free not to use it, and not saying lets force all the users onto a self signed HTTPS connection, leave the choice up to the person. What do you think about that?

Plus you can get a signed basic signed one for £10/year.

Left the forum: http://www.councilofexmuslims.com/index.php?topic=22997
- zomzom
- ᵀᴴᴱ'ᴼᴿᴵᴳᴵᴻᴬᴸ
- Ex-Muslim
- offline
Re: Can we have encrypted (SSL) HTTPS to the forum
Reply #5 - July 07, 2012, 03:55 PM

Quote from: toor on July 07, 2012, 03:15 PM

Google acts as an intermediate CA, incidentally - Thawte is the ultimate CA for the HTTPS google sessions I've got going.

Mines like this:
Equifax Secure Certificate Authority -->>> Issued by Google Internet Authority.

Left the forum: http://www.councilofexmuslims.com/index.php?topic=22997
1« Previous thread | Next thread »