Chronology	Current Month	Current Thread	Current Date
[Year List] [Month List (current year)]	[Date Index] [Thread Index]	[Thread Prev] [Thread Next]	[Date Prev] [Date Next]

Re: [Phys-l] PHYS-L Website certified by an unknown authority

From: "Mark O. Kimball" <mok2@enthalpy.physics.buffalo.edu>
Date: Thu, 16 Feb 2006 13:06:54 -0500 (EST)

Hi Folks,

I am surprised that the PHYS-L site is not certified by Verisign or some
similar authority. While I would not under any circumstances include in
PHYS-L correspondence personal information, I still find it troubling
that the certificate is issued by the host machine of PHYS-L rather than
an external authority. I am not at all an expert on computer security,
but when my browser tells me that it has no guarantee that a site is
genuine, I am strongly inclined to avoid that site. Should I be concerned
about this?

Someone please correct me if I am wrong:

The original list hosted by NAU did not use encrypted communication (at
least not to the archives) so the validity of the identity of the server
was not an issue for that list.

Does the list need a trusted authority? It is open to anyone wishing to
join and does allow public viewing of the archives. There is no real need
for secure access to the archives. However, a secure communication with
the pages used to modify an individual's settings is desirable.

VeriSign states a certificate, valid for one year, costs $349. Since
Phys-l has a budget of $0 (unless I am severely misinformed), and is run
by volunteers, this cost would be out-of-pocket.

It was my decision to use the https:// port exclusively so all
communication is encrypted (I tend to do this when possible). I could
simply allow most traffic to use the insecure http:// port and only pipe
communication with the membership modification pages through https://.

Is this what the list wants? Even if the access is changed depending upon
which pages are viewed, this does not get around the untrusted authority
issue for the secure membership modification pages.

Thoughts? Comments?

Mark
--
Mark O. Kimball
Gasparinilab, University at Buffalo | Low Temperature Physics
mok2@physics.buffalo.edu | http://enthalpy.physics.buffalo.edu
Lab Phone: 716-645-2017x122 | Fax: 716-645-2507

Follow-Ups:
- Re: [Phys-l] PHYS-L Website certified by an unknown authority
  - From: John Denker <jsd@av8n.com>
- [Phys-l] tonight's nova on the neutrino
  - From: "frank cange" <cangefrank@hotmail.com>

References:
- [Phys-l] PHYS-L Website certified by an unknown authority
  - From: Jim Diamond <jimd@linfield.edu>

Prev by Date: Re: [Phys-l] gas laws
Next by Date: Re: [Phys-l] Parents don't see a crisis over science and math
Previous by thread: [Phys-l] PHYS-L Website certified by an unknown authority
Next by thread: Re: [Phys-l] PHYS-L Website certified by an unknown authority
Index(es):
- Date
- Thread