|author||Tails developers <email@example.com>||2012-01-07 05:17:48 +0100|
|committer||Tails developers <firstname.lastname@example.org>||2012-01-07 05:17:48 +0100|
1 files changed, 19 insertions, 16 deletions
diff --git a/wiki/src/news/new_SSL_certificate.mdwn b/wiki/src/news/new_SSL_certificate.mdwn
index 8b35898..a619b19 100644
@@ -2,7 +2,7 @@
-On the same day as the release of Tails 0.10, our website started to offer a
+On the same day Tails 0.10 was put out, our website started to use a
commercial SSL certificate. This new certificate replaces the previous one that
was delivered by the non-commercial [CACert certificate
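Review bot: In the added first sentence, "was put out" is more colloquial than the "release of Tails 0.10" wording it replaces, and it can be misread. "On the same day Tails 0.10 was released" keeps the shorter sentence and the standard term. The change from "offer" to "use" reads fine.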
@@ -11,28 +11,28 @@ What are SSL certificates?
Using HTTPS instead of plain HTTP to connect to a website allows you to encrypt
-your communication with the server. But encryption might not be enough if you
-also need to make sure that you are talking with the right server, and not
+your communication with the server. But encryption alone does not guarantee
+that you are talking with the right server, and not
someone impersonating it, for example in case of a [[man-in-the-middle
-SSL certificates try to solve this problem. There are usually issued by
-certificate authorities to certify the identity of a server. When you reach a
-website your browser might trust an SSL certificate automatically if it trusts
+SSL certificates try to solve this problem. A SSL certificate is usually issued by
+a certificate authority to certify the identity of a server. When you reach a
+website your web browser might trust an SSL certificate automatically if it trusts
the authority that issued it.
Commercial certificate authorities are making a living out of selling SSL
-certificates, and they are usually trusted automatically by most of the
+certificates; they are usually trusted automatically by most of the
browsers. Other non-commercial authorities, such as
[CACert](http://www.cacert.org/), need to be installed by the operating system
-or the user not to show a security warning when visiting the website.
+or by the user to avoid displaying a security warning when visiting the website.
Weaknesses of the system
But this trust system has proven to be flawed in many ways. For example, during
2011, two certificate authorities were compromised, and many fake certificates
-were issued, and used in the wild. See [Comodo: The Recent RA
+were issued and used in the wild. See [Comodo: The Recent RA
and [The Tor Project: The DigiNotar Debacle, and what you should do about
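Review bot: The added line "A SSL certificate is usually issued by" should read "An SSL certificate", matching "trust an SSL certificate" two lines further down in the same paragraph. The added lines in this paragraph are also wrapped unevenly: one stops short after "and not", while the lines starting "SSL certificates try to solve" and "website your web browser" run longer than their neighbours. Re-wrapping the paragraph would keep later diffs against it smaller.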
@@ -47,12 +47,15 @@ Why get a commercial certificate then?
Still we decided to get a commercial certificate for the following reasons:
-- It will make it harder to do simplistic [[man-in-the-middle
- attacks|doc/about/warning#index3h1]] on the people that didn't use HTTPS so
+- It makes it harder to setup a simplistic [[man-in-the-middle
+ attacks|doc/about/warning#index3h1]] against the people who didn't use HTTPS so
far to visit our website.
-- It will make it easier (but not safer) for many people to use HTTPS on our
- website. This could be important to provide some confidentiality while posting
+- It makes it easier (but not safer) for many people to use HTTPS on our
+ website. This may be important to provide some confidentiality while posting
on the forum for example.
-- It will allow us to write a rule for inclusion in the HTTPS Everywhere Firefox
- extension, shipped in Tails, and that will force HTTPS on our website for the
- people using it.
+- It allowed us to write and submit a rule for inclusion in the [HTTPS
+ Everywhere](https://www.eff.org/https-everywhere) Firefox add-on:
+ this rules forces HTTPS on our website. Tails ships HTTPS Everywhere
+ add-on; therefore, once this new rule makes its way upstream, it
+ will benefit every Tails user as well as anyone else who uses
+ HTTPS Everywhere.
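Review bot: In the first bullet, "to setup a simplistic [[man-in-the-middle attacks|...]]" pairs the singular article "a" with the plural link text "attacks" and uses the noun "setup" where the verb "set up" is needed. Either "to set up a simplistic man-in-the-middle attack" or "to perform simplistic man-in-the-middle attacks" would fix both. In the third bullet, "this rules forces" should be "this rule forces", and "Tails ships HTTPS Everywhere add-on" needs an article ("ships the HTTPS Everywhere add-on"). The third bullet also moves to past tense ("It allowed us") while the first two bullets are in the present tense. That is defensible since the rule has already been submitted, but the list would read more evenly if the bullet opened in the same tense as the others.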