Etusivu Tutki Apua
Kirjaudu sisään
fr33domlover
/
Rel4tion-Wiki
peilaus alkaen git://seek-together.space/wiki.git
Tarkkaile 1
Äänestä 0
Fork 0
Tiedostot Ongelmat 0 Wiki
Puu: 8b3b2bbab2
Branchit Tagit
Rel4tion-Wiki
/
maint
/
admin
/
ca
/
tinyca
/
Introduction
/
Have_Control.mdwn

Have_Control.mdwn 2.7 KB
Historia Raaka

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950 
  1. SSL's trust model is quite centralized in practice, which some people consider a
    2. 

  2. weakness or a result of bad design. Although anyone can become a Certificate
    3. 

  3. Authority, your web browser trusts only a specific predefined group of CAs, and
    4. 

  4. they're managed by large companies which:
    5. 

  5. 

  6. 1. Require you to pay for most of their services (sometimes you can get free but
    7. 

  7.    limited service)
    8. 

  8. 2. Require a lot of personal information about you
    9. 

  9. 

  10. Maybe the worst thing is the fact that trust is established without actually
    11. 

  11. knowing each other, i.e. the fact some website is trusted by the web browser
    12. 

  12. doesn't mean you can trust it. For example, the websites of Google and Facebook
    13. 

  13. use signed certificates which your web browser probably trusts automatically,
    14. 

  14. without asking you. At the same time, they both collect private user data, apply
    15. 

  15. censorship, report to the NSA, use your pictures to create advertisiments and so
    16. 

  16. on. Do they sound like people/services you can trust as a user? Probably not.
    17. 

  17. 

  18. The good news: You can add new certificates to the web browser! Therefore, as a
    19. 

  19. client, you can decide whom you trust and whom you don't. It's not something
    20. 

  20. many people do, and the interface may sometimes not be the most friendly, but
    21. 

  21. it's important to have it.
    22. 

  22. 

  23. You may guess managing certificates manually is difficult and cumbersome, even
    24. 

  24. with a GUI (like what Iceweasel and Evolution offer, for example). It's true,
    25. 

  25. there are many many websites on the internet, made by many different people, and
    26. 

  26. managing all the certificates manually is impossible. Instead, you can tell your
    27. 

  27. browser to determine who is trusted, using [[!wikipedia PGP]].
    28. 

  28. 

  29. PGP allows you to use trust signatures in a *transitive* manner. In simple
    30. 

  30. words, while you still mark websites you trust, you can also choose to trust
    31. 

  31. people you know (e.g. your friends) and your browser will automatically trust
    32. 

  32. the website they trust as well, making the work of marking trusted websites
    33. 

  33. *collaborative* and much faster. If you have a community of people trusting each
    34. 

  34. other in the PGP sense, using PGP for web service authentication not becomes
    35. 

  35. much easier - and you don't need to rely on some potentially-greedy large
    36. 

  36. companies to tell you who's okay and who isn't!
    37. 

  37. 

  38. Therefore, as a client you have two tools to help you use the web securely:
    39. 

  39. 

  40. 1. Add CA certificates manually
    41. 

  41. 2. Use PGP
    42. 

  42. 

  43. The PGP integration is relatively new, and is implemented by a free software
    44. 

  44. project called Monkeysphere.
    45. 

  45. 

  46. As a service provider, you can help promote the transition to a decentralized
    47. 

  47. system by avoiding the centralized and commercial CAs and using your own CA
    48. 

  48. instead, and by getting Monkeysphere support. This guide explains how to enable
    49. 

  49. Monkeysphere for your SSL certificates.
    50. 

  50.