tea.mathoverflow.net - Discussion Feed (MO's ssl-certificate is slightly problematic)

peter.krautzberger comments on "MO's ssl-certificate is slightly problematic" (11904)

2010-12-14T15:29:47-08:00

Thanks Andrew! Sorry for not searching the forum first...

Anton's link addresses the question of automatic ssl-encryption (in short: SO doesn't want to spend money on it).

What irritated me was that it works! That is, if you manually go to https://mathoverflow.net you will get an encrypted connection. The only problem is that most browsers will (and should) complain that the certificate does not match the domain. So even though SO does not want to offer automatic encryption (which is unfortunate), they do offer 'manual' encryption, but without giving MO its own certificate.

Ah, on second thought/test, SO's certificate is almost as problematic since it's untrusted by firefox and chrome... Nevermind then.

Andrew Stacey comments on "MO's ssl-certificate is slightly problematic" (11901)

2010-12-14T11:15:38-08:00

See http://tea.mathoverflow.net/discussion/798/mo-and-metamo-over-ssl, and in particular the link in Anton's comment there.

peter.krautzberger comments on "MO's ssl-certificate is slightly problematic" (11887)

2010-12-13T19:24:01-08:00

Over at the discussion http://tea.mathoverflow.net/discussion/835/possible-troll/ the topic of login-security came up. It is not a big risk I think (see my comment there), but because of it I tried to access MO via https/ssl-encryption for a test -- which showed a slight problem: forcing https lead me to a phishing warning.

It turns out the ssl-certificate for mathoverflow is actually created for stackoverflow. Maybe the SO-overlords can give MO its own certificate?

If I might add, I think it would be great if ssl-encryption was standard (cf. the efforts of https://www.eff.org/https-everywhere ). After all, MO lives and dies with its users, so it would make sense to protect their privacy in this unobtrusive manner (well, if it's not too difficult technically).