Domain: apache-ssl.org
Stories and comments across the archive that link to apache-ssl.org.
Comments · 9
-
Re:SSL For All My Friends!
Apache-SSL does just this. It would be nice if they released an update based on Apache 2 though. It's also pretty easy to make your site use SSL for everything in
.htaccess.
The down side of using SSL for everything is that it increases your CPU load, you could get an SSL offload engine to help with that. -
Re:SSL for everythinghow come so many services require a certificate (such as SSL with email, imap, pop, etc) rather than auto-negotiating it like SSH does?
The idea is that you can verify the certificate belongs to who it says it belongs to (like www.yourbank.com), without exchanging any other communication (such as SSH's fingerprints) - you just verify the site's signature from Verisign (or whomever). SSH relies on you confirming the fingerprint the first time you connect.
You can generate your own SSL certs if you don't care about proving them to anyone. Check out the apache docs for examples. Then, once you've accepted it the first time, you'll have no more prompts on further connects - exactly like SSH.
See, for example, http://www.apache-ssl.org/#FAQ, "Now I've got my server installed, how do I create a test certificate?"
-
Re:What is needed..
-
consequences are inevitable
All that will happen is that P2P and similar applications will start using SSL, TLS or some other form of encryption. Good luck to the RIAA proving that they were the intended recipient of an encrypted communication {which alone would give them the right to decrypt it} -- the fact that it was not encrypted against their public key might be worth mentioning in court too.
Shameless plug: The file sharing software I currently use already includes SSL. -
Re:Could be a cool hosting facility!
Troll, at least read before posting. On page ONE of the Bunker site, describing their technical team:
This team is led by Ben Laurie, our technical director and author of the Apache-SSL web server. He is a founding director and head of security of the Apache Software Foundation, whose Apache webserver powers over 60% of the world's websites. He is also a core member of the OpenSSL Project (the world's most widely used cryptographic library), and numerous other internet projects. (emphasis mine)
Do check up on Ben Laurie. What kind of standards do you have?? Think RMS is a leech too? Sheesh.
-
Re:If you install the spyware, sure
Why run Windows-style P2P on Linux? Just use httpsd!
-
Obviously the answer is .....
..... to use this encrypted, cross-platform P2P file sharing software instead!
-
Re:comparisonlarien wrote:
It doesn't prove that much as there may be fewer Apache-SSL sites on linux than there are IIS sites.
It proves even less than that. There are two SSL add-ons for Apache, and only mod_ssl is vulnerable to the current Slapper variants (partly due to the fact it advertises the OpenSSL version). Apache-SSL sites are not presently being hit, but they could be. -
How to chosse an encryption algorithmWhen choosing a crypto system to use, I make the following considerations:
- The algorithm has to be free and unencumbered by patents. The ElGamal public key algorithm is an example of an unencumbered algorithm, but it did not become unencumbered until the DH patent expired in 1997. The symmetric key algorithm Blowfish is the first unencumbered post-DES algorithm that people believe is secure, which is why it is so popular.
- The algorithm has to feel secure. This is way people stull use 3DES, even though it is far slower than Blowfish and most of the other new SK algorithms at the block cipher lounge and the AES candidates.
- The algorithm has to, once it meets the above two criteria, be efficient. Blowfish has an inefficient key generation cycle, but is otherwise efficient. Rijndael is the most efficient of the AES candidates.
One thing people can do is use a cryptosystem instead of a single algorithm. This makes implememtation much easier, since people don't need to become familiar with Applied Cryptography and the literature on crypto. This is why people like SSL--it is free outside of the US, and will become free in the US on September 20th, and is a complete system belived to be secure.
One of the nice things about crypto research is that most of the research papers out there are freely available on the internet.
- Sam