Thanks! I see my concerns have been posted, mostly by lmm.
I guess that’s the last article by @tedu I read for a while, and I’ll have to flag future posts with “Already Posted” as I’ve seen that cert error page a number of times before.
One already posted his key for a web-of-trust in the making. Probably a better model for a small, opinionated community. I’ll also note it being a Ruby app makes me concerned about trusting it as a CA. If anything, we should do it Keybase-style where our Lobster’s comments/messages become one of many authenticated transports sharing the same credential to increase confidence in its authenticity. That could go right in the profile, though, with a machine-readable tag. That would maintain low noise in the threads.
EDIT: I forgot to add this is common with Keybase users on Hacker News. They put it at the bottom of their profile in brackets.
@tedu your site has a broken cert chain, throws https errors in Chrome and Firefox
(He’s using a self-signed certificate, hence the warning. You can read more here)
It reads “Your connection is not secure.”
Ah, point. You’d have to click through the warning to see why it’s safe to click through the warning.
Here is a link to the Google-cached copy of the article. That will let you read the article “moving to https” without ignoring any warnings.
Also, here is the loste.rs discussion on “moving to https”.
Thanks! I see my concerns have been posted, mostly by lmm.
I guess that’s the last article by @tedu I read for a while, and I’ll have to flag future posts with “Already Posted” as I’ve seen that cert error page a number of times before.
Alas, that’s not likely to change any time soon.
Is anybody here motivated enough to make a lobsters cert authority?
One already posted his key for a web-of-trust in the making. Probably a better model for a small, opinionated community. I’ll also note it being a Ruby app makes me concerned about trusting it as a CA. If anything, we should do it Keybase-style where our Lobster’s comments/messages become one of many authenticated transports sharing the same credential to increase confidence in its authenticity. That could go right in the profile, though, with a machine-readable tag. That would maintain low noise in the threads.
EDIT: I forgot to add this is common with Keybase users on Hacker News. They put it at the bottom of their profile in brackets.