[57north-discuss] TLS Certificates for official 57North services

[Andrea Faulds]

Hi Iain,

> On 7 Jan 2015, at 20:53, Iain R. Learmonth <irl at fsfe.org> wrote:
> 
> On the 28th March 2014 we were issued, free of charge, a wildcard
> certificate for *.57north.co by GlobalSign as part of their free
> certificates for Open Source projects programme. This is currently in use
> for our website at https://57north.co/ although this certificate is not as
> trusted as we were led to believe. I have often heard people complaining
> that the certificate was not trusted, especially on Android devices.

Yes, Android (especially older versions, I think?) is weird and lacks some root CAs, this plagues some other CAs too, but it’s an outlier. GlobalSign is still widely trusted. That’s better than not being trusted at all.

> As a free alternative, for new services like the new wiki announced last
> night (expect an email about this shortly), I have been using CAcert
> certificates. CAcert.org is a community-driven Certificate Authority that
> issues certificates to the public at large for free.

They’re also not trusted by *anyone*. We’re not the CCC, we should use a CA actually trusted by people.

Also, Certificate Authorities are not terrorism, it’s okay to pay the whole Five United States Dollars to obtain a widely-trusted certificate. CAs are a flawed system, but they’re not a broken, dishonest or malicious one. I don’t see why we shouldn’t pay for a proper certificate if needs be.

I feel the same as Shell here. Though I haven’t attended any recent space meetings, so my opinion hardly counts.

Thanks!

--
Andrea Faulds
http://ajf.me/