Yeah, it doesn't seem any different to how its been in the past year. The beta sigil is still under the logo.
I wish theyd put the links to maps and images back in, maybe with some visual warning that theyre not encrypted. I have SSL search as the default search in chrome, and I hate having to manually jump back to normal google to do image searches.
If you're using the HTTPS-Everywhere Firefox addon (1), or the HTTPS-Everywhere Squid redirector (2), you don't need to know/remember about the SSL versions of Wikipedia or Google. You're just sent there by default.
The only thing I dislike about this is it hides the refer, screwing up my analytics. I'd have to completely convert all of my sites to HTTPS only to be able to make use of the additional headers for analytical purposes. Not really a big deal I guess, but kind of unnecessary to have to purchase wildcard certs if you have many sub domains.
Well I mean it's my personal blog, there's really no need for https since there's no user accounts or login. Are you saying HN is insecure because they don't use https? How about Reddit, no https there either.
Yes, HN is insecure because they don't use HTTPS. Especially when using a public WiFi network someone could hijack my session, and even intercept my password by passively sniffing packets.
I do agree that if you don't have user logins there is no real threat. The only possible 'attack' then would be an ISP injecting ads or injecting other content that you didn't write :)
I've not used their cert for anything yet (I plan to test them on some personal sites when I get chance, before using them elsewhere), and wildcard certs are not free (but they do seem relatively cheap), but it might be worth looking into for someone in your position.
I've used them for a few personal sites and projects with no complaints.
The fee for wildcard certs (~60USD) is a one-off to verify your identity - usually via a quick phone call to confirm details from your official documents.
Once that's complete, you can generate as many certs as you need (incl. wildcards and Subject Alternative Name) from their control panel, subject to jumping through the usual hoops to prove that you have control of each domain.
I do use StartSSL but the problem just comes from having multiple sub domains. I get IPv4 addresses for $0.50/mo/each but I'd rather not setup each subdomain on its own dedicated IP for the sakes of using free SSL certs.
You don't need multiple IPv4 addresses to make use of a wild-card (or other multi-name) certificate. A wildcard certificate will verify any matching domain so you could have many sub-domains of the same domain (using a single certificate for *.domain.tld) on one address and browsers would not complain.
Also you could run the distinct (sub)domains on different ports on the same address, though this is perhaps less useful.
Also, with SNI you can use many single-name certificates on one address (and all on the same port) using SNI. Unfortunately there are a number of significant client combinations that won't play nice with this (most notably, if you can't guess, IE on Windows XP): http://en.wikipedia.org/wiki/Server_Name_Indication#Support
I know that. I'm saying I don't want to have to pay for a wildcard certificate since you can get free certs for individual domains. The alternative for me purchasing a wildcard domain would be to get many different single domain certs for free and assign each one to a different IP address.
Anyone that has the HTTPS everywhere extension (Firefox) is already using the SSL search in Google. As others noted it has been in beta for quite a long time and is missing some features like the image search or the doodles on the homepage.
21 comments
[ 2.0 ms ] story [ 55.5 ms ] threadI wish theyd put the links to maps and images back in, maybe with some visual warning that theyre not encrypted. I have SSL search as the default search in chrome, and I hate having to manually jump back to normal google to do image searches.
While we're here, don't forget SSL wikipedia!
https://secure.wikimedia.org/wikipedia/en/wiki/Main_Page
1.) https://www.eff.org/https-everywhere
2.) https://github.com/mikecardwell/perl-HTTPSEverywhere
Only miss is that I can't immediately click through to image searches, they're only available over unsecured HTTP.
There is a HTTPS wrapper around HN, but it has been pretty flakey lately (lots of timeouts): https://quickhn.appspot.com/news
I do agree that if you don't have user logins there is no real threat. The only possible 'attack' then would be an ISP injecting ads or injecting other content that you didn't write :)
I've not used their cert for anything yet (I plan to test them on some personal sites when I get chance, before using them elsewhere), and wildcard certs are not free (but they do seem relatively cheap), but it might be worth looking into for someone in your position.
The fee for wildcard certs (~60USD) is a one-off to verify your identity - usually via a quick phone call to confirm details from your official documents.
Once that's complete, you can generate as many certs as you need (incl. wildcards and Subject Alternative Name) from their control panel, subject to jumping through the usual hoops to prove that you have control of each domain.
Also you could run the distinct (sub)domains on different ports on the same address, though this is perhaps less useful.
Also, with SNI you can use many single-name certificates on one address (and all on the same port) using SNI. Unfortunately there are a number of significant client combinations that won't play nice with this (most notably, if you can't guess, IE on Windows XP): http://en.wikipedia.org/wiki/Server_Name_Indication#Support
https://chrome.google.com/webstore/detail/flcpelgcagfhfoegek...
Love this Extension!