[Rhodes22-list] Does our website need SSL?
Michael D. Weisner
mweisner at ebsmed.com
Mon Jul 20 10:39:44 EDT 2020
Should we require SSL or TLS for the website is an interesting question.
The website itself does not require login or passwords, at least at this time. The only exception to this policy is access to the email list. The mailman pages require that a user maintain a password which is used to access the archives or change mail delivery options. As far as real security on mailman, it must be noted that all of our posts are available through google.com searches which means that there is no real privacy of content. The same is probably true for the nabble site.
Mike
s/v Wind Lass ('91)
Nissequogue River, NY
-----Original Message-----
From: Rhodes22-list <rhodes22-list-bounces at rhodes22.org> On Behalf Of Larry Gioia via Rhodes22-list
Sent: Monday, July 20, 2020 9:21 AM
To: The Rhodes 22 Email List <rhodes22-list at rhodes22.org>
Subject: Re: [Rhodes22-list] Does our website need SSL?
>From our experience with my small company’s website:
- the reason we use it is clients require it because they enter passwords and use of SSL encrypts them. Not an issue to the Rhodes site. Another reason is other sites that link to us prefer it to be an https link - again probably not an issue to the Rhodes site.
- SSL is free, but a digital SSL certificate is needed from a certificate authority - the cheapest we found is GoDaddy.com, $64 first year, $80/yr thereafter. To avoid the charge you can self-sign your certificate but website users will get a message saying this site uses a self-signed certificate- be sure you trust them. Makes people a little nervous.
I’m no expert on this, it’s just what we found and do - perhaps there are now new free methods.
Larry
‘14 R22 Language of Love
‘86 R22 <still unnamed!>
> On Jul 19, 2020, at 11:37 PM, Hank <hnw555 at gmail.com> wrote:
>
> He's right. TLS 1.2 is the current standard and has replaced SSL.
> Folks still use SSL as the general term, though.
>
>> On Sun, Jul 19, 2020, 19:46 Todd Tavares <tavares0947 at gmail.com> wrote:
>>
>> My son is a web dev and said every website should have SSL..and its free.
>> But he said the latest is TLS(?).
>>
>> Todd T
>>
>> tavares0947 at gmail.com
>>
>>> On Fri, Jul 17, 2020, 5:05 PM Peter Nyberg <peter at sunnybeeches.com> wrote:
>>>
>>> Tom,
>>>
>>> You’ve mentioned SSL certification several times now, so I suspect
>>> that this is a subject near and dear to your heart. But I don’t
>>> understand
>> why
>>> you think we should have it. The website isn’t doing e-commerce or
>>> anything. Could you elaborate?
>>>
>>> Thanks,
>>> Peter
>>>
>>>> On Jul 17, 2020, at 10:08 AM, Tom Van Heule <
>>> tom.vanheule at intrinsicprograms.com> wrote:
>>>>
>>>> Jesse - I also understand that nabble data is only partial -
>>>> something
>>> that
>>>> there was nothing previous to 2009 in Nabble... but the entirety is
>> where
>>>> Peter indicated. I would like to see someone who knows be able to
>> update
>>>> nabble to get ALL the data (or find another way to modernize the UI
>>>> of
>>> all
>>>> the archives). Also Nabble, and for that matter our current site
>>>> have
>> no
>>>> SSL certification. https://letsencrypt.org/getting-started/ this
>>>> is
>>> free
>>>> and legit - but someone with access needs to go through.
>>>>
>>>> Peter - this looks great, nothing fancy needed, but more complete.
>> Thank
>>>> you. And thank you for not using wordpress (it's a peeve of mine)
>>>>
>>>> aside- we KNOW there are photos that get lost in the archives -
>>>> perhaps there is a content discovery tool we can run against the
>>>> archives -
>>> really
>>>> most posts with a photo attached are worth indexing?
>>>>
>>>> Happy Friday all -
>>>> Tom
>>>
>>>>
>>>> Tom Van Heule
>>>> Intrinsic Programs
>>>> tom.vanheule at intrinsicprograms.com
>>>> +1 303 525 5266
>>>
>>>
>>
More information about the Rhodes22-list
mailing list