[Ach] (no subject)

Andreas Mirbach a.mirbach at me.com
Sun Jan 12 13:18:58 CET 2014


OK, I see StartSSL is a little difficult. But we can't provide a how-to for that, I think.
Because every CA has a slightly different process and every CA already provides a how-to for obtaining a certificate in their FAQs. If you're still in trouble I can help you to understand the StartSSL process.

@all Ahmad pointed out that some SSL starters don't really know how to retrieve an SSL certificate. I can remember my first try on that. So maybe a section that describes the general process of generating a certificate and signing it by a CA would be very helpful. What do you say?

Regards Andreas Mirbach

Sent from my iPad

> On 12.01.2014, at 06:56, Ahmad Bilal <ahmadbilal200854 at gmail.com> wrote:
> 
> Also, I tried StartSSL at first, but got lost somewhere, and gave up in between. So yes, people like me want to improve, just need the light! :)
> 
> 
> 
>> On 12 January 2014 11:25, Ahmad Bilal <ahmadbilal200854 at gmail.com> wrote:
>> Thanks Rainer and Andreas. Yes, I was aware that it's not that safe to trust GoDaddy, but to put it honestly, learning about SSL/TLS/etc. is like starting all over again, after barely learning programming. There are not many guides out there that are easily searchable. It was just coincidence that I found out about BetterCrypto.
>> 
>> I have read the draft, it has been very helpful, but my opinion is, if the explanations are a bit more simple, then people will benefit even more from it. As I said above, and it's also written in the draft, weak code written by programmers is a big concern. It should not be assumed that a programmer would learn coding, and then start to learn about cryptography. Instead, ideally, one should learn cryptography and programming together, so that means that midway, where a person has only grasped intermediate concepts in programming, he should be introduced to cryptography.
>> 
>> That means, in short, that it should be assumed that the SysAdmin (at which this initiative is aimed) can be an average SysAdmin, as well as a well established SysAdmin.
>> 
>> I might be saying what has been already said, many times.. and I mean no offense to anyone. I'm just resonating, what are my honest feelings about this.
>> 
>> Thanks a lot, I hope to learn a lot around here. 
>> 
>> 
>>> On 12 January 2014 03:16, Andreas Mirbach <a.mirbach at me.com> wrote:
>>> Even if those certificate authorities have not been hacked, you have to ask yourself "do you trust these third parties in your chain". For websites that need to be reached over the internet by unknown clients, you need them. But if you know your clients, e.g. your company's computers, you can/should use your own CAs. In my opinion there should be a more detailed section about certificate authorities.
>>> 
>>> Andreas Mirbach
>>> 
>>> Sent from my iPad
>>> 
>>>> On 11.01.2014, at 21:36, Rainer Hoerbe <rainer at hoerbe.at> wrote:
>>>> 
>>>> Finding SHA1 collisions requires 2**63 tries (may be a bit less). Faking a certificate this way is quite expensive, there are cheaper ways.
>>>> 
>>>> No, you do not need to be worried, because the security value of those commercial certificates is near zero anyway. It has been insinuated that GoDaddy was hacked in the past. The question is why pay for a certificate of low value, when you can get the same product elsewhere for free, e.g. StartSSL.
>>>> 
>>>> - Rainer
>>>> 
>>>>> On 11.01.2014, at 15:02, Ahmad Bilal <ahmadbilal200854 at gmail.com> wrote:
>>>>> 
>>>>> I have a question. I recently bought a certificate from GoDaddy, and during the installation I chose SHA-2, but the Certificate Signing Request in raw form has SHA-1 written on it, and not SHA-2. Should I be worried?
>>>>> 
>>>>> 
>>>>> 
>>>>> -- 
>>>>> Ahmad Bilal
>>>>> 
>>>>> _______________________________________________
>>>>> Ach mailing list
>>>>> Ach at lists.cert.at
>>>>> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
>>>> 
>> 
>> 
>> 
>> -- 
>> Ahmad Bilal
> 
> 
> 
> -- 
> Ahmad Bilal
> 
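
Added example, not part of the original messages: the question in this thread about which hash a Certificate Signing Request carries can be checked locally with the openssl command-line tool. The functions below create a key and a CSR signed with a chosen SHA-2 digest, read back the signature algorithm recorded in the CSR, and verify the CSR's self-signature; the subject name example.test and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: create a CSR with an explicit SHA-2 digest and inspect it.
# Assumes the openssl CLI is installed; example.test is a constructed name.

# make_csr DIR DIGEST: new 2048-bit RSA key plus a CSR signed with DIGEST
# (for example sha256 or sha384). The private key stays owner-readable only.
make_csr() {
    dir=$1; digest=$2
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$dir/$digest.key" -out "$dir/$digest.csr" \
        -subj "/CN=example.test" "-$digest" 2>/dev/null &&
    chmod 600 "$dir/$digest.key"
}

# csr_sig_alg FILE: print the signature algorithm recorded in the CSR.
csr_sig_alg() {
    openssl req -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# csr_self_check FILE: succeed only if the CSR's self-signature verifies.
# The message is matched instead of the exit status, because older openssl
# releases exit 0 even when the verification fails.
csr_self_check() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# Demo: build two CSRs in a temporary directory and show their algorithms.
demo() {
    tmp=$(mktemp -d) || return 1
    for d in sha256 sha384; do
        make_csr "$tmp" "$d" || { rm -rf "$tmp"; return 1; }
        printf '%s.csr: %s\n' "$d" "$(csr_sig_alg "$tmp/$d.csr")"
    done
    rm -rf "$tmp"
}
demo
```

The signature on a CSR is made with the requester's own key and only proves possession of that key; the hash used on the issued certificate is chosen by the CA when it signs, so inspect the certificate itself with `openssl x509 -in cert.pem -noout -text`.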