undefined | Better HN

0 pointsagwa11y ago0 comments

It would be free, but not necessarily easy, as it would still entail configuring your web server to use SSL, and that might not even be an option if you're using shared hosting.

(Aside: self signed certs don't protect the connection from active attacks unless CloudFlare pins the cert. I'm mainly concerned with passive eavesdropping though.)

0 comments

eastdakota11y ago

That's what we're going to do: issue certs that our customers can use on their origins, that will be trusted by our network, and that will be pinned to a particular site. That will allow end-to-end cryptographic connections. There are other groups working on making installing and setting up SSL on origin servers easier, that's not something we're likely to tackle, but agree it's important.

ehPReth11y ago

That's amazing. Thank you.

agwaOP11y ago

That is excellent. Thank you!

j / k navigate · click thread line to collapse