Github Pages now supports SSL
I know most of the people on here have transcended the earthbound, maudlin Certificate Authority system, but as services-adopting-SSL-news goes, I'm particular excited about Github Pages<https://twitter.com/benbalter/status/444555263195217920>, which started quietly supporting SSL for *.github.io domains a few weeks back. I'm excited because Github Pages is powerful, verrrrry flexible, and totally free. AFAIK, it's the only major blog/web host that gives you free SSL, backed by a high quality CDN (since everything is static files). To promote the occasion and nudge Github to take it further, I wrote up my own experience, and a little how-to for forcing redirects via Jekyll: https://konklone.com/post/github-pages-now-supports-https-so-use-it Along with Cloudflare's 2014 plan to offer SSL termination for free, and their stated plan to double SSL on the Internet by end of year, the barrier to HTTPS everywhere is dropping rapidly. -- Eric -- konklone.com | @konklone <https://twitter.com/konklone>
There's even an HTTPS Everywhere rule for it already in case you *only* want to ever access it over SSL! https://www.eff.org/https-everywhere (only in the development branch right now, should be released soon) On 04/04/2014 11:08 AM, Eric Mill wrote:
I know most of the people on here have transcended the earthbound, maudlin Certificate Authority system, but as services-adopting-SSL-news goes, I'm particular excited about Github Pages <https://twitter.com/benbalter/status/444555263195217920>, which started quietly supporting SSL for *.github.io <http://github.io> domains a few weeks back.
I'm excited because Github Pages is powerful, verrrrry flexible, and totally free. AFAIK, it's the only major blog/web host that gives you free SSL, backed by a high quality CDN (since everything is static files).
To promote the occasion and nudge Github to take it further, I wrote up my own experience, and a little how-to for forcing redirects via Jekyll:
https://konklone.com/post/github-pages-now-supports-https-so-use-it
Along with Cloudflare's 2014 plan to offer SSL termination for free, and their stated plan to double SSL on the Internet by end of year, the barrier to HTTPS everywhere is dropping rapidly.
-- Eric
-- konklone.com <https://konklone.com> | @konklone <https://twitter.com/konklone>
On Fri, 04 Apr 2014 11:40:20 -0700, yan <yan@mit.edu> wrote:
There's even an HTTPS Everywhere rule for it already in case you *only* want to ever access it over SSL! https://www.eff.org/https-everywhere
HTTP Nowhere is also worth checking out. It can be configured to force HTTPS on all sites and connections. I prefer it over HTTPS Everywhere. https://addons.mozilla.org/en-US/firefox/addon/http-nowhere/
Message du 04/04/14 20:09 De : "Eric Mill" Along with Cloudflare's 2014 plan to offer SSL termination for free, and their stated plan to double SSL on the Internet by end of year, the barrier to HTTPS everywhere is dropping rapidly.
I agree that putting https everywhere is great, but Cloudflare's founders are tightly linked with the US-intelligence community. That fact alone kind of kills any claims they make about data security within their service.
On 4/6/2014 10:40, tpb-crypto@laposte.net wrote:
Message du 04/04/14 20:09 De : "Eric Mill" Along with Cloudflare's 2014 plan to offer SSL termination for free, and their stated plan to double SSL on the Internet by end of year, the barrier to HTTPS everywhere is dropping rapidly.
I agree that putting https everywhere is great, but Cloudflare's founders are tightly linked with the US-intelligence community. That fact alone kind of kills any claims they make about data security within their service.
Source for this please? -- staticsafe
Message du 06/04/14 17:41 De : "staticsafe" On 4/6/2014 10:40, tpb-crypto@laposte.net wrote:
Message du 04/04/14 20:09 De : "Eric Mill" Along with Cloudflare's 2014 plan to offer SSL termination for free, and their stated plan to double SSL on the Internet by end of year, the barrier to HTTPS everywhere is dropping rapidly.
I agree that putting https everywhere is great, but Cloudflare's founders are tightly linked with the US-intelligence community. That fact alone kind of kills any claims they make about data security within their service.
Source for this please?
Is it so painful to do your own homework? "Matthew Prince, Lee Holloway, and Michelle Zatlyn created CloudFlare in 2009.[1][2] They previously worked on Project Honey Pot." - http://en.wikipedia.org/wiki/CloudFlare "[...] the project organizers also help various law enforcement agencies combat private and commercial unsolicited bulk mailing offenses and overall work to help reduce the amount of spam being sent [...]" - http://en.wikipedia.org/wiki/Project_Honey_Pot That's just for starters, you can dig more and find more. It is interesting that the history of the founders themselves is no longer exhibited in cloudflare.com website as it was years ago. As an American company, there is nothing preventing Cloudflare from receiving NSLs and having to shut up about them. What use is a system that you can't trust like this? You can say "oh, but they go after the bad guys, spammers". But that doesn't limit it to spammers neither do we know who are the so called bad guys, since that is decided by American secret laws, made by secret courts, that issue secret orders. No trust to American companies, less even trust to American companies that promise any kind of data security. Better no security than a false sense of it. Sorry.
On Apr 6, 2014, at 2:20 PM, tpb-crypto@laposte.net wrote:
Message du 06/04/14 17:41 De : "staticsafe" On 4/6/2014 10:40, tpb-crypto@laposte.net wrote:
Message du 04/04/14 20:09 De : "Eric Mill" Along with Cloudflare's 2014 plan to offer SSL termination for free, and their stated plan to double SSL on the Internet by end of year, the barrier to HTTPS everywhere is dropping rapidly.
I agree that putting https everywhere is great, but Cloudflare's founders are tightly linked with the US-intelligence community. That fact alone kind of kills any claims they make about data security within their service.
Source for this please?
Is it so painful to do your own homework?
"Matthew Prince, Lee Holloway, and Michelle Zatlyn created CloudFlare in 2009.[1][2] They previously worked on Project Honey Pot." - http://en.wikipedia.org/wiki/CloudFlare
"[...] the project organizers also help various law enforcement agencies combat private and commercial unsolicited bulk mailing offenses and overall work to help reduce the amount of spam being sent [...]" - http://en.wikipedia.org/wiki/Project_Honey_Pot
That's just for starters, you can dig more and find more. It is interesting that the history of the founders themselves is no longer exhibited in cloudflare.com website as it was years ago.
As an American company, there is nothing preventing Cloudflare from receiving NSLs and having to shut up about them. What use is a system that you can't trust like this?
You can say "oh, but they go after the bad guys, spammers". But that doesn't limit it to spammers neither do we know who are the so called bad guys, since that is decided by American secret laws, made by secret courts, that issue secret orders.
No trust to American companies, less even trust to American companies that promise any kind of data security. Better no security than a false sense of it.
Sorry.
I have noticed CloudFlare CAPTCHA screens before I can access some sites via Tor. This begs the question of how much data is CloudFlare gathering from Tor exit nodes and who are they selling it to? Due to links with the US Intelligence community and possibly receiving NSLs, they are in a great position to provide information about what people use Tor for. Perhaps thwarting spammers is a great cover for keeping track of traffic to and from alleged terrorist IPs/Net blocks. Since they also help mitigate DDoS attacks, they can also keep track of alleged Anonymous pwned hosts used for originating DDoS campaigns. They are a great “in the trenches” company that can be very versatile for keeping track of the Bad Guys(tm). Thank you, Scott
oh dear. He helped the government combat crime and nuisance style offenses. Clearly in collusion. On Sun, Apr 6, 2014 at 12:20 PM, <tpb-crypto@laposte.net> wrote:
Message du 06/04/14 17:41 De : "staticsafe" On 4/6/2014 10:40, tpb-crypto@laposte.net wrote:
Message du 04/04/14 20:09 De : "Eric Mill" Along with Cloudflare's 2014 plan to offer SSL termination for free, and their stated plan to double SSL on the Internet by end of year, the barrier to HTTPS everywhere is dropping rapidly.
I agree that putting https everywhere is great, but Cloudflare's founders are tightly linked with the US-intelligence community. That fact alone kind of kills any claims they make about data security within their service.
Source for this please?
Is it so painful to do your own homework?
"Matthew Prince, Lee Holloway, and Michelle Zatlyn created CloudFlare in 2009.[1][2] They previously worked on Project Honey Pot." - http://en.wikipedia.org/wiki/CloudFlare
"[...] the project organizers also help various law enforcement agencies combat private and commercial unsolicited bulk mailing offenses and overall work to help reduce the amount of spam being sent [...]" - http://en.wikipedia.org/wiki/Project_Honey_Pot
That's just for starters, you can dig more and find more. It is interesting that the history of the founders themselves is no longer exhibited in cloudflare.com website as it was years ago.
As an American company, there is nothing preventing Cloudflare from receiving NSLs and having to shut up about them. What use is a system that you can't trust like this?
You can say "oh, but they go after the bad guys, spammers". But that doesn't limit it to spammers neither do we know who are the so called bad guys, since that is decided by American secret laws, made by secret courts, that issue secret orders.
No trust to American companies, less even trust to American companies that promise any kind of data security. Better no security than a false sense of it.
Sorry. _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
participants (7)
-
Eric Mill -
Ryan Carboni -
Scott Blaydes -
Seth -
staticsafe -
tpb-crypto@laposte.net -
yan