[sword-devel] Please update the link here if you have migrated your project

Jaak Ristioja jaak at ristioja.ee
Wed Feb 10 15:16:43 MST 2016


On 10.02.2016 19:00, DM Smith wrote:
> I don’t understand your HTTP-only comment regarding the wiki. It works just fine under HTTPS. Is your objection the self-signed certificate?

I object to sending my login credentials over the wire in plain text.
Btw, the wiki login form didn't redirect to HTTPS.

I don't object to self-signed certificates in general. Its the chain of
trust that matters. Currently I don't have any reason to trust the
certificate with SHA-256 fingerprint
EC:E2:A6:2C:05:CB:1C:34:40:09:DE:87:99:26:16:C4:CA:33:F6:AB:1B:9A:70:D8:17:65:71:DC:E1:6B:94:76
because I have no certainty whatsoever that it indeed belongs to
Crosswire. If the login were on HTTPS, a certificate signed by a CA
trusted by Firefox trusted by me (for the issue at hand) would have been
sufficient.

I don't want to start a crypto discussion and fuel people into calling
me paranoid. I doubt that further discussion on this matter will do any
good.


Blessings!
Jaak



More information about the sword-devel mailing list