Changes between Version 6 and Version 7 of faq/security/mfpl-certificate-authority


Ignore:
Timestamp:
Sep 9, 2012, 10:01:27 AM (7 years ago)
Author:
Daniel Kahn Gillmor
Comment:

updated/improved vocabulary, and added a reference to keys.mayfirst.org to make it easier to find the CA

Legend:

Unmodified
Added
Removed
Modified
  • faq/security/mfpl-certificate-authority

    v6 v7  
    11= Some of your web sites tell me that your security certificate was signed by an unknown entity. What can I do to get to know you? =
    22
    3 An SSL certificate is a file installed on our web servers that is designed to prove that the web site your are visiting really is run by May First/People Link. The SSL certificate is used when you visit a site that starts with https instead of http.
     3An X.509 certificate is a file installed on our web servers that is designed to prove that the web site your are visiting really is run by May First/People Link. The X.509 certificate is used when you visit a site that starts with https instead of http.
    44
    55This step is important because it is possible to type in one of our web addresses into your browser, but be re-directed to another web site that looks like our web site, but isn't. If you enter your username and password, this information can then be stolen.
    66
    7 When you visit a site that starts with https, your web browser requests the SSL certificate. Every SSL certificate is signed by a "certificate authority." This signature says: The Certificate Authority called "ABC" (or whatever the name of the Certificate Authority is) assures you that the web site your are visiting really is run by Organization XYZ.
     7When you visit a site that starts with https, your web browser requests the X.509 certificate. Every X.509 certificate is signed by a "certificate authority." This signature says: The Certificate Authority called "ABC" (or whatever the name of the Certificate Authority is) assures you that the web site your are visiting really is run by Organization XYZ.
    88
    99Your web browser comes pre-configured to trust certain corporate certificate authorities, like Thawte and Verisign.
     
    1111We pay money to Certificate Authorities (such as Thawte) to have them verify our identity and sign our certificates.
    1212
    13 We are beginning to take a new track. Rather than paying money to corporation to prove that we are who we say we are, we are instead creating our own Certificate Authority.
     13We are beginning to take a new track. Rather than paying money to corporation to prove that we are who we say we are, we are using our own Certificate Authority.  We use this certificate authority to certify the identity of some of our web sites, like the OpenPGP keyserver https://keys.mayfirst.org.
    1414
    1515The catch: You have to install our Certificate Authority in your web browser. You can do that by clicking on the link below that says mfpl.cert.