[GreenKeys] Oh! It’s a present from microsoft

Paul Birkel pbirkel at gmail.com
Wed Apr 24 09:50:12 EDT 2019 

WRT “chain of trust” and the US Government/Military environment I presume that you’re simply referencing the fact that many/most browsers don’t come with the necessary cert-chain pre-installed.  That’s not an issue of trust; that’s just an issue of market-share, customer-convenience, or the usual “steering” of browser users towards “favored sites” (or away from “disfavored” ones).

 

It’s easy enough (<koff> <koff>) to install the government cert-chain and “Bob’s your uncle” ;->.

 

See: https://iasecontent.disa.mil/pki-pke/unclass-rg-installroot_5_2_niprnet_user_guide.pdf

 

 

From: Bob kb8tq [mailto:kb8tq at n1k.org] 
Sent: Wednesday, April 24, 2019 9:24 AM
To: Paul Birkel
Cc: Paul Heller; Frank Carraro; greenkeys at mailman.qth.net
Subject: Re: [GreenKeys] Oh! It’s a present from microsoft

 

Hi

 

The “chain of trust” on the certificate is the gotcha. If you log into a US military 

site, it’s “not secure”. It’s HTTPS, but the certificate path is not one that the 

commercial guys recognize,. The same thing gets you with most (if not all) of

the “free” certificates. 

 

Pile on the next layer and it’s even more silly. People like Go Daddy issue 

certificates. For a first time buy, they are pretty cheap ( = buy the longest term

you possibly can). For renewal … not so cheap. Every so often Google or 

Microsoft will go to war with Go Daddy and “un-trust” their chain. I haven’t seen

it happen for years, but I have seen it. 

 

It’s all nonsense.

 

Bob





On Apr 24, 2019, at 5:12 AM, Paul Birkel <pbirkel at gmail.com> wrote:

 

Get one from: https://letsencrypt.org/  No strings attached :->!

 

See: https://letsencrypt.org/getting-started 

 

From: greenkeys-bounces at mailman.qth.net [mailto:greenkeys-bounces at mailman.qth.net] On Behalf Of Paul Heller
Sent: Wednesday, April 24, 2019 4:37 AM
To: Frank Carraro
Cc: greenkeys at mailman.qth.net
Subject: Re: [GreenKeys] Oh! It’s a present from microsoft

 

This is an interesting dilemma. The way things are now, any site that is not HTTPS (encrypted HTTP) will show as not secure. This is a recent change from Google (Chrome), Microsoft (Edge), etc.  But to become HTTPS the site needs to buy a certificate (maybe there are free ones?). So that is extra cost to people like me who are only trying to run a simple website. 

 

Since RTTY.com <http://rtty.com/>  is hosted by a generous benefactor, I will see if HTTPS is possible.

 

I’m glad it is working for you, Frank.

Paul
W2TTY

ITTY:             HTTP://INTERNET-TTY.NET:8000/ITTY
AUTOSTART: HTTP://INTERNET-TTY.NET:8030/AUTOSTART
EUROPE:       HTTP://INTERNET-TTY.NET:8040/EUROPE


On Apr 24, 2019, at 10:27 AM, Frank Carraro <kf9nz at sbcglobal.net> wrote:

An upgrade did it.  I am so relieved 
that Microsoft gave me such protection from all those terrible security breaches in rtty.com <http://rtty.com/> !!
I finally was able to hear the signal even though it says “Not Secure. Rtty.com <http://rtty.com/> ” in the site name.

Sorry to bother 

Sent from my iPhone
______________________________________________________________
GreenKeys mailing list
Home: http://mailman.qth.net/mailman/listinfo/greenkeys
Help: http://mailman.qth.net/mmfaq.htm
Post: mailto:GreenKeys at mailman.qth.net

2002-to-present greenkeys archive: http://mailman.qth.net/pipermail/greenkeys/
1998-to-2001 greenkeys archive: http://mailman.qth.net/archive/greenkeys/greenkeys.html
Randy Guttery's 2001-to-2009 GreenKeys Search Tool: http://comcents.com/tty/greenkeyssearch.html

This list hosted by: http://www.qsl.net <http://www.qsl.net/> 
Please help support this email list: http://www.qsl.net/donate.html
Message delivered to paul0926 at comcast.net

______________________________________________________________
GreenKeys mailing list
Home: http://mailman.qth.net/mailman/listinfo/greenkeys
Help: http://mailman.qth.net/mmfaq.htm
Post: mailto:GreenKeys at mailman.qth.net

2002-to-present greenkeys archive: http://mailman.qth.net/pipermail/greenkeys/
1998-to-2001 greenkeys archive: http://mailman.qth.net/archive/greenkeys/greenkeys.html
Randy Guttery's 2001-to-2009 GreenKeys Search Tool: http://comcents.com/tty/greenkeyssearch.html

This list hosted by: http://www.qsl.net
Please help support this email list: http://www.qsl.net/donate.html
Message delivered to kb8tq at n1k.org

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.qth.net/pipermail/greenkeys/attachments/20190424/739c4b0d/attachment.html>

More information about the GreenKeys mailing list