-rw-r--r-- wiki/src/news/new_SSL_certificate.mdwn 35
1 files changed, 19 insertions, 16 deletions
diff --git a/wiki/src/news/new_SSL_certificate.mdwn b/wiki/src/news/new_SSL_certificate.mdwn
index 8b35898..a619b19 100644
--- a/wiki/src/news/new_SSL_certificate.mdwn
+++ b/wiki/src/news/new_SSL_certificate.mdwn
@@ -2,7 +2,7 @@
[[!toc levels=2]]
-On the same day as the release of Tails 0.10, our website started to offer a
+On the same day Tails 0.10 was put out, our website started to use a
commercial SSL certificate. This new certificate replaces the previous one that
was delivered by the non-commercial [CACert certificate
authority](http://www.cacert.org/).
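Review bot: "was put out" in the added first line is more colloquial than the removed "release of" and than the rest of the announcement. Suggest "On the same day Tails 0.10 was released, our website started to use a", which keeps the shorter sentence this change is after without the change of register.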
@@ -11,28 +11,28 @@ What are SSL certificates?
==========================
Using HTTPS instead of plain HTTP to connect to a website allows you to encrypt
-your communication with the server. But encryption might not be enough if you
-also need to make sure that you are talking with the right server, and not
+your communication with the server. But encryption alone does not guarantee
+that you are talking with the right server, and not
someone impersonating it, for example in case of a [[man-in-the-middle
attack|doc/about/warning#index3h1]].
-SSL certificates try to solve this problem. There are usually issued by
-certificate authorities to certify the identity of a server. When you reach a
-website your browser might trust an SSL certificate automatically if it trusts
+SSL certificates try to solve this problem. A SSL certificate is usually issued by
+a certificate authority to certify the identity of a server. When you reach a
+website your web browser might trust an SSL certificate automatically if it trusts
the authority that issued it.
Commercial certificate authorities are making a living out of selling SSL
-certificates, and they are usually trusted automatically by most of the
+certificates; they are usually trusted automatically by most of the
browsers. Other non-commercial authorities, such as
[CACert](http://www.cacert.org/), need to be installed by the operating system
-or the user not to show a security warning when visiting the website.
+or by the user to avoid displaying a security warning when visiting the website.
Weaknesses of the system
========================
But this trust system has proven to be flawed in many ways. For example, during
2011, two certificate authorities were compromised, and many fake certificates
-were issued, and used in the wild. See [Comodo: The Recent RA
+were issued and used in the wild. See [Comodo: The Recent RA
Compromise](http://blogs.comodo.com/it-security/data-security/the-recent-ra-compromise/)
and [The Tor Project: The DigiNotar Debacle, and what you should do about
it](https://blog.torproject.org/blog/diginotar-debacle-and-what-you-should-do-about-it).
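Review bot: The added line "A SSL certificate is usually issued by" should read "An SSL certificate", since "SSL" is spelled out and starts with a vowel sound. In the same hunk, "by most of the browsers" on the rewritten "certificates; they are usually trusted" sentence would read better as "by most browsers". The switch from "might not be enough" to "alone does not guarantee" is a good tightening of the claim about encryption versus server identity and needs no change.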
@@ -47,12 +47,15 @@ Why get a commercial certificate then?
Still we decided to get a commercial certificate for the following reasons:
-- It will make it harder to do simplistic [[man-in-the-middle
- attacks|doc/about/warning#index3h1]] on the people that didn't use HTTPS so
+- It makes it harder to setup a simplistic [[man-in-the-middle
+ attacks|doc/about/warning#index3h1]] against the people who didn't use HTTPS so
far to visit our website.
-- It will make it easier (but not safer) for many people to use HTTPS on our
- website. This could be important to provide some confidentiality while posting
+- It makes it easier (but not safer) for many people to use HTTPS on our
+ website. This may be important to provide some confidentiality while posting
on the forum for example.
-- It will allow us to write a rule for inclusion in the HTTPS Everywhere Firefox
- extension, shipped in Tails, and that will force HTTPS on our website for the
- people using it.
+- It allowed us to write and submit a rule for inclusion in the [HTTPS
+ Everywhere](https://www.eff.org/https-everywhere) Firefox add-on:
+ this rules forces HTTPS on our website. Tails ships HTTPS Everywhere
+ add-on; therefore, once this new rule makes its way upstream, it
+ will benefit every Tails user as well as anyone else who uses
+ HTTPS Everywhere.
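Review bot: The first added bullet has a number mismatch and a spelling slip: "to setup a simplistic [[man-in-the-middle" is followed by the unchanged plural link text "attacks|doc/about/warning#index3h1]]", so either drop the "a" or make the link text singular, and the verb should be "set up". In the last bullet, "this rules forces HTTPS" should be "this rule forces HTTPS", and "Tails ships HTTPS Everywhere add-on" is missing an article ("ships the HTTPS Everywhere add-on"). The bullets also now mix present tense ("It makes") with past ("It allowed us"); that is defensible because the rule was already submitted, but worth a conscious choice.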