Chronology | Current Month | Current Thread | Current Date |
[Year List] [Month List (current year)] | [Date Index] [Thread Index] | [Thread Prev] [Thread Next] | [Date Prev] [Date Next] |
The original list hosted by NAU did not use encrypted communication (at
least not to the archives) so the validity of the identity of the server
was not an issue for that list.
Does the list need a trusted authority? It is open to anyone wishing to
join and does allow public viewing of the archives. There is no real need
for secure access to the archives. However, a secure communication with
the pages used to modify an individual's settings is desirable.
VeriSign states a certificate, valid for one year, costs $349. Since
Phys-l has a budget of $0 (unless I am severely misinformed), and is run
by volunteers, this cost would be out-of-pocket.
It was my decision to use the https:// port exclusively so all
communication is encrypted (I tend to do this when possible). I could
simply allow most traffic to use the insecure http:// port and only pipe
communication with the membership modification pages through https://.