Re: do i need a dedicated ip address for https?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 22/12/10 11:52 PM, Nico Kadel-Garcia wrote:
> 
> It's the easiest way to do it. If you allow someone else to hold your
> SSL keys, they can do interesting things to act as your front end to

Where in the original post did it mention using a system that's not
under their control?  The question was about a static IP address, not
the system the keys and certificates would be installed on.

> register your hostname associated with a registered key, but that
> gets tricky. And there are other fancy tricks, but they get weird
> and painful.

Yes, it also depends on how much effort they're willing to go to and
whether or not they care if a visitor notices.

> But let's be honest. Most SSL encryption is not done to authenticate
> a website as a signed, registered websites. Most of us at penny-wise
> workplaces have to hit "Yes, I accept this unsigned key" pop-ups all
> the time. SSL is often useful merely to encrypt the traffic
> end-to-end while clients accept such unsigned or incorrectly
> registered keys without concern. For that kind of use, dodging and
> weaving unregistered IP addresses are common place.

That's what my self-signed site is for, but then I live in a country
that is still debating mandatory Internet censorship.

Most people wanting SSL on their website see it as a business
requirement and most of those sites are running on shared or VPS
hosting.


Regards,
Ben



Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux