From July on, Chrome will brand plain old HTTP as “Not secure”
when a site is marked "secure" it just means some "ca" someplace issued the authors a "certificate"
every one of us has piles and piles of these x.509 "certificates" -- all "validated" by some certificate "authority". can any of us tell by looking which are actually valid ? maybe some of us might but generally i think the idea is hopeless.
what we should do: sign the certificates ourselves. this won't be as bad as it might appear since each of us generally will have only a dozen or so certs that actually need to be counter-signed. for these we need to verify the fingerprint and then sign the cert. with our own key. it won't really be all that hard although I will concede many of us will probably need a user-friendly program to help. and some help from key resources-- like the Credit Union etc.
Chat about just about anything else
1 post • Page 1 of 1