|
|
| A 'real' web server certificate for
opensc-project.org from godaddy |
 
Estonia |
2007-05-02 06:14:51 |
Today I found this:
https://www.godaddy.com/gdshop/ssl/ssl_opensource.a
sp?ci=5988
Free for one year. Why not?
--
Martin Paljak
_______________________________________________
opensc-devel mailing list
opensc-devel lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc
-devel
|
|
| Re: A 'real' web server certificate
for opensc-project.org from godaddy |
 
United States |
2007-05-02 07:21:43 |
|
Martin Paljak wrote:
paljak.pri.ee"
type="cite">
Today I found this:
https://www.godaddy.com/gdshop/ssl/ssl_opensource.asp?ci=5988
Free for one year. Why not?
StartCom has free certs, and is
now accepted by most
browsers. ;
|
| Re: A 'real' web server certificate
for opensc-project.org from godaddy |
Estonia |
2007-05-02 07:36:55 |
On 02.05.2007, at 15:21, Alaric Dailey wrote:
> StartCom has free certs, and is now accepted by most
browsers.
Nice service.
But real life statistics say: 80% users use IE (in
Estonia)
So unless IE accepts the certificate ( I'll omit my comments
on the
green bar thing) it is not that good for daily work. IE is
STILL the
majority ...
--
Martin Paljak
_______________________________________________
opensc-devel mailing list
opensc-devellists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc
-devel
|
|
| Re: A 'real' web server certificate
for opensc-project.org from godaddy |
United States |
2007-05-02 14:07:20 |
On Wednesday 02 May 2007 5:36 am, Martin Paljak wrote:
> On 02.05.2007, at 15:21, Alaric Dailey wrote:
> > StartCom has free certs, and is now accepted by
most browsers.
>
> Nice service.
>
> But real life statistics say: 80% users use IE (in
Estonia)
>
> So unless IE accepts the certificate ( I'll omit my
comments on the
> green bar thing) it is not that good for daily work. IE
is STILL the
> majority ...
Agreed. I would recommend godaddy (or other) for the
website.
However, I do agree that StartCom is a nice service, and I'm
believing that
the reason it is not included in Windows yet is mostly
political. The fact
that StartCom has already qualified for other CA programs
(Mozilla, Apple) is
enough for me to recommend its usage.
For the Psi XMPP client project, we plan to distribute the
StartCom root
certificate with the client, and use it for root CA
verifications in addition
to the operating system storage. The plan is that the
client download itself
shall be secured by an existing CA established in Windows
(for example,
godaddy), so that it is a safe download for all users, even
those using IE.
The interesting effect here is that by having Psi take the
burden of using a
Windows-established CA, it removes this burden from *every*
XMPP server.
XMPP servers will be able to use StartCom certificates
without any tradeoff.
Without StartCom bundling, XMPP server admins would be stuck
in the same
position as HTTP server admins, having to choose between
cost and
compatibility.
My message doesn't really help the opensc situation, but I
thought readers on
this list might find our pragmatic Psi + StartCom deployment
strategy
interesting.
-Justin
_______________________________________________
opensc-devel mailing list
opensc-devellists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc
-devel
|
|
| Re: A 'real' web server
certificate for opensc-project.org from
godaddy |
|
2007-05-02 16:01:35 |
On Wednesday 02 May 2007 19:59:37 Nils Larsch wrote:
> Martin Paljak wrote:
> > On 02.05.2007, at 15:21, Alaric Dailey wrote:
> >> StartCom has free certs, and is now accepted
by most browsers.
> >
> > Nice service.
> >
> > But real life statistics say: 80% users use IE
(in Estonia)
>
> 80% of the opensc-project.org visitors use IE .... I'm
little
> bit disappointed :-(
hu? our official statistic tells me:
Firefox Nein 5556 45.2 %
MS Internet Explorer Nein 2855 23.2 %
Mozilla Nein 1835 14.9 %
Konqueror Nein 569 4.6 %
Safari Nein 506 4.1 %
Opera Nein 413 3.3 %
Unbekannt ? 316 2.5 %
Netscape Nein 69 0.5 %
Epiphany Nein 46 0.3 %
Wget Ja 46 0.3 %
Sonstige 64 0.5 %
or the full list:
Browser Versionen Grabber Zugriffe Prozent
MSIE 2855 23.2 %
Msie 7.0 Nein 979 7.9 %
Msie 6.0 Nein 1837 14.9 %
Msie 5.5 Nein 18 0.1 %
Msie 5.01 Nein 3 0 %
Msie 5.0 Nein 17 0.1 %
Msie ? Nein 1 0 %
FIREFOX 5556 45.2 %
Firefox 4 Nein 1 0 %
Firefox 2.0.0.4 Nein 77 0.6 %
Firefox 2.0.0.3 Nein 3665 29.8 %
Firefox 2.0.0.2 Nein 136 1.1 %
Firefox 2.0.0.1 Nein 122 0.9 %
Firefox 2.0 Nein 101 0.8 %
Firefox 1.5.0.9 Nein 62 0.5 %
Firefox 1.5.0.8 Nein 17 0.1 %
Firefox 1.5.0.7 Nein 284 2.3 %
Firefox 1.5.0.6 Nein 9 0 %
Firefox 1.5.0.5 Nein 15 0.1 %
Firefox 1.5.0.4 Nein 19 0.1 %
Firefox 1.5.0.3 Nein 2 0 %
Firefox 1.5.0.2 Nein 6 0 %
Firefox 1.5.0.11 Nein 543 4.4 %
Firefox 1.5.0.10 Nein 381 3.1 %
Firefox 1.5 Nein 4 0 %
Firefox 1.0.7 Nein 2 0 %
Firefox 1.0.4 Nein 26 0.2 %
Firefox 1.0.2 Nein 7 0 %
Firefox 1.0.1 Nein 77 0.6 %
NETSCAPE 69 0.5 %
Netscape 7.1 Nein 20 0.1 %
Netscape 5.0 Nein 49 0.3 %
Sonstige 3795 30.9 %
Mozilla Nein 1835 14.9 %
Konqueror Nein 569 4.6 %
Safari Nein 506 4.1 %
Opera Nein 413 3.3 %
Unbekannt ? 316 2.5 %
Epiphany Nein 46 0.3 %
Wget Ja 46 0.3 %
Galeon Nein 35 0.2 %
Camino Nein 18 0.1 %
LibWWW Nein 9 0 %
Curl Ja 2 0 %
so ie users are the minority. at least judging from the data
for today.
april data:
Browser Grabber Zugriffe Prozent
Firefox Nein 85095 36.7 %
MS Internet Explorer Nein 61867 26.7 %
Konqueror Nein 21683 9.3 %
Mozilla Nein 16884 7.2 %
Unbekannt ? 16192 6.9 %
Wget Ja 15474 6.6 %
Opera Nein 6221 2.6 %
Safari Nein 5848 2.5 %
Netscape Nein 676 0.2 %
Galeon Nein 618 0.2 %
Sonstige 878 0.3 %
so I could use startcom.
the more important questions is: but why do we need an
official ssl
certificate at all? there is no user information on
opensc-project.org,
all we use ssl for is the developer write access to the svn
repository
(and the login with trac and awstats and munin - but those
are not
very important).
also I think the ssh security model - save a key the first
time you access
some site, and in the future check it is the same - is
supperior to the ssl
model wit CAs and CRLs and all that for many use cases. at
least for the
https+svn case I think it is.
anyway, much more important things to do right now, but feel
free to keep the
discussion alive and remind me after the 0.11.2 release,
ok?
Thanks, Andreas
_______________________________________________
opensc-devel mailing list
opensc-devellists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc
-devel
|
|
| Re: A 'real' web server
certificate for opensc-project.org from
godaddy |
Estonia |
2007-05-02 16:44:07 |
On 03.05.2007, at 0:01, Andreas Jellinghaus wrote:
> On Wednesday 02 May 2007 19:59:37 Nils Larsch wrote:
>> Martin Paljak wrote:
>>> But real life statistics say: 80% users use IE
(in Estonia)
>>
>> 80% of the opensc-project.org visitors use IE ....
I'm little
>> bit disappointed :-(
I'm not saying opensc-project.org visitors, but internet
users in
Estonia.
By the way - the good news is, that from last week there is
*official
support* (in addition to de facto official
software I've been made available during past years) for
Windows/
Firefox in Estonia,
for Estonian eID, using code that is roughly based on
opensc/scb 
Check out the announcment: http://www.id.ee/blog/?p=
19
'project page': http://ideelabor.ee/opensource/wiki/IdKaardiTarkvara/
WindowsBuild
and über-cool buildbot screen: http://code.ideelabor.
ee:8002/ (ah
well, all red...)
Regarding this:
Looking at the statistics of opensc-project.org I noticed
that http://
ideelabor.ee/id-kaart(/linux) is always quite the
top10 of referrers.
Please note, that with all due credits to
opensc-project.org, Windows
and Mac users in Estonia never get to the opensc-project.org
site as
all information is available in Estonian on
id.ee/ideelabor.ee/id-kaart
(But windows users make 80% of opensc/windows related
downloads from
id.ee and believe me or not - very often using IE. Many
people first
check 'can i use eID with firefox?')
> the more important questions is: but why do we need an
official ssl
> certificate at all? there is no user information on
opensc-
> project.org,
For me there is one practical annoyance: I use Mac/Safari on
daily
basis. For some reason
(Actually I think this is because of the acceptable CA
list
presented by apache) Safari decides to
send my eID certificate (If card is present) to
opensc-project.org
what naturally rejects it.
What means I have to remove the card or fire up firefox to
access
https://opensc-project.org
But it is also just a nice move from godaddy to offer such
stuff.
> all we use ssl for is the developer write access to the
svn repository
> (and the login with trac and awstats and munin - but
those are not
> very important).
Not important - true. But I'll check again tomorrow - Maybe
I'll file
the request and if the cert arrives will replace it on
opensc-
project.org...
m.
--
Martin Paljak
_______________________________________________
opensc-devel mailing list
opensc-devellists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc
-devel
|
|
| Re: A 'real' web server certificate
for opensc-project.org from godaddy |
 
Germany |
2007-05-05 09:32:57 |
--On Mittwoch, 2. Mai 2007 14:14 +0300 Martin Paljak
<martinpaljak.pri.ee>
wrote:
> Today I found this:
>
> https://www.godaddy.com/gdshop/ssl/ssl_opensource.a
sp?ci=5988
>
> Free for one year. Why not?
>
Well there is cacert.org too, similar to startcom except you
don't pay
anything and browser coverage is a little bit worse as for
startcom but i
think it may be another option to look at...
regards,
ives
_______________________________________________
opensc-devel mailing list
opensc-devellists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc
-devel
|
|
| Re: A 'real' web server certificate
for opensc-project.org from godaddy |
United States |
2007-05-05 21:05:07 |
|
CAcerts inclusion status into Mozilla can be found here...
https://bugzilla.mozilla.org/show_bug.cgi?id=215243
While here is StartComs inclusion statuses
http://cert.startcom.org/?app=140
'nuff said.
Ives Steglich wrote:
%5B192.168.2.26%5D"
type="cite">
--On Mittwoch, 2. Mai 2007 14:14 +0300 Martin Paljak paljak.pri.ee"><martinpaljak.pri.ee>
wrote:
Today I found this:
https://www.godaddy.com/gdshop/ssl/ssl_opensource.asp?ci=5988
Free for one year. Why not?
Well there is cacert.org too, similar to startcom except you don't pay
anything and browser coverage is a little bit worse as for startcom but i
think it may be another option to look at...
regards,
ives
_______________________________________________
opensc-devel mailing list
lists.opensc-project.org">opensc-devellists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
|
| Re: A 'real' web server certificate for
opensc-project.org from godaddy |
Germany |
2007-05-06 05:43:06 |
Andreas Jellinghaus wrote:
...
> the more important questions is: but why do we need an
official ssl
> certificate at all? there is no user information on
opensc-project.org,
> all we use ssl for is the developer write access to the
svn repository
> (and the login with trac and awstats and munin - but
those are not
> very important).
I agree that a ssl protection for out websites isn't
extremly important at
the moment (at for those who insist on a ssl connection our
self-signed
certificate should be sufficient). Much more interesting
IMHO would be sign
the official releases or at least sign the announcement
mails (containing
a fingerprint of the latest tarballs).
Nils
_______________________________________________
opensc-devel mailing list
opensc-devellists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc
-devel
|
|