[IMC-Tech] certificates

Ben Dean-kawamura ben at rocus.org
Thu Mar 15 13:45:57 PDT 2012 

This seems pretty reasonable to me.  Do you have info on how much a
single-domain cert costs?

Ben

On 03/14/2012 07:02 PM, groente wrote:
> Hey all,
> 
> Following recent discussion on imc-tech and imc-communication it seems there is a consensus for acquiring commercial ssl certificates for the global indymedia.org sites.
> This has triggered further discussion on the imc-cert list, which has resulted in the following more official proposal:
> 
> In light of the security-issues connected to the use of wildcard-certificates 1) and cheap availability of single-domain certificates we propose buying individual certificates for the various global indymedia.org sites affected. These include www, lists, docs, sos, radio and biotech.
> 
> Apart from the global sites, local collectives are encouraged to fix the current situation with broken certificates. Respecting foremost the autonomy of local collectives, this proposal does not include any action taken by global working groups that affects local sites. Local collectives remain free to choose whichever solution to the SSL-related problems suits them best. The imc-cert group is offcourse willing to assist local collectives in the acquisition and deployment of new certificates. Simply mail imc-cert at lists.indymedia.org and things will be put in motion.
> 
> Considering the fuzzyness of global process, a deadline for this proposal is set on April 1st, 2012. If nobody has blocked the proposal before then, consensus is assumed.
> 
> 
> 1) the use of a wildcard-certificate would require the same private key to be shared between all sites using the wildcard certificate. This has the undesireable effect that if one site using the wildcard certificate is compromised, all SSL-traffic on the other sites using the wildcard certificate can be decrypted. The use of individual certificates overcomes the problem.
> 
> 
> x,
> l.
> _______________________________________________
> imc-tech mailing list
> imc-tech at lists.indymedia.org
> http://lists.indymedia.org/mailman/listinfo/imc-tech

More information about the imc-tech mailing list