[Rhodes22-list] Does our website need SSL?

Tom Van Heule tom.vanheule at intrinsicprograms.com
Mon Jul 20 10:56:43 EDT 2020 

I did setup a discord : https://discord.gg/MbpR9Q for discussing nuts and
bolts of the website - it seems we are happy to discuss here.   (and I wont
delete the discord ever...)

As some have said - we would like to have some protected areas of the site
and getting encrypted is table stakes for a new build today.
I suggest we keep it as free and secure as possible, until we start selling
merchandise :) Then we get Stan a new revenue stream.

I agree with Michael here- the amount of data should be obfuscated from the
public.    It sounds like there are several of us around who know what
brute forcing means - and this could all be taken from us in a matter of
minutes... we don't want to put the 20+ years of info at risk like that
(fear mongering , apologies).

But that being said - I think I might call Stott for my remodel - the info
is useful!

Have a great Monday,
Tom

On Mon, Jul 20, 2020 at 9:39 AM Michael D. Weisner <mweisner at ebsmed.com>
wrote:

> Should we require SSL or TLS for the website is an interesting question.
>
> The website itself does not require login or passwords, at least at this
> time. The only exception to this policy is access to the email list. The
> mailman pages require that a user maintain a password which is used to
> access the archives or change mail delivery options. As far as real
> security on mailman, it must be noted that all of our posts are available
> through google.com searches which means that there is no real privacy of
> content. The same is probably true for the nabble site.
>
> Mike
> s/v Wind Lass ('91)
> Nissequogue River, NY
>
>
> -----Original Message-----
> From: Rhodes22-list <rhodes22-list-bounces at rhodes22.org> On Behalf Of
> Larry Gioia via Rhodes22-list
> Sent: Monday, July 20, 2020 9:21 AM
> To: The Rhodes 22 Email List <rhodes22-list at rhodes22.org>
> Subject: Re: [Rhodes22-list] Does our website need SSL?
>
> From our experience with my small company’s website:
>
> - the reason we use it is clients require it because they enter passwords
> and use of SSL encrypts them. Not an issue to the Rhodes site. Another
> reason is other sites that link to us prefer it to be an https link - again
> probably not an issue to the Rhodes site.
> - SSL is free, but a digital SSL certificate is needed from a certificate
> authority - the cheapest we found is GoDaddy.com, $64 first year, $80/yr
> thereafter.  To avoid the charge you can self-sign your certificate but
> website users will get a message saying this site uses a self-signed
> certificate- be sure you trust them. Makes people a little nervous.
>
> I’m no expert on this, it’s just what we found and do - perhaps there are
> now new free methods.
>
> Larry
> ‘14 R22 Language of Love
> ‘86 R22 <still unnamed!>
>
> > On Jul 19, 2020, at 11:37 PM, Hank <hnw555 at gmail.com> wrote:
> >
> > He's right. TLS 1.2 is the current standard and has replaced SSL.
> > Folks still use SSL as the general term, though.
> >
> >> On Sun, Jul 19, 2020, 19:46 Todd Tavares <tavares0947 at gmail.com> wrote:
> >>
> >> My son is a web dev and said every website should have SSL..and its
> free.
> >> But he said the latest is TLS(?).
> >>
> >> Todd T
> >>
> >> tavares0947 at gmail.com
> >>
> >>> On Fri, Jul 17, 2020, 5:05 PM Peter Nyberg <peter at sunnybeeches.com>
> wrote:
> >>>
> >>> Tom,
> >>>
> >>> You’ve mentioned SSL certification several times now, so I suspect
> >>> that this is a subject near and dear to your heart.  But I don’t
> >>> understand
> >> why
> >>> you think we should have it.  The website isn’t doing e-commerce or
> >>> anything.  Could you elaborate?
> >>>
> >>> Thanks,
> >>>    Peter
> >>>
> >>>> On Jul 17, 2020, at 10:08 AM, Tom Van Heule <
> >>> tom.vanheule at intrinsicprograms.com> wrote:
> >>>>
> >>>> Jesse - I also understand that nabble data is only partial -
> >>>> something
> >>> that
> >>>> there was nothing previous to 2009 in Nabble... but the entirety is
> >> where
> >>>> Peter indicated.  I would like to see someone who knows be able to
> >> update
> >>>> nabble to get ALL the data (or find another way to modernize the UI
> >>>> of
> >>> all
> >>>> the archives). Also Nabble, and for that matter our current site
> >>>> have
> >> no
> >>>> SSL certification.  https://letsencrypt.org/getting-started/  this
> >>>> is
> >>> free
> >>>> and legit - but someone with access needs to go through.
> >>>>
> >>>> Peter - this looks great, nothing fancy needed, but more complete.
> >> Thank
> >>>> you.  And thank you for not using wordpress (it's a peeve of mine)
> >>>>
> >>>> aside- we KNOW there are photos that get lost in the archives -
> >>>> perhaps there is a content discovery tool we can run against the
> >>>> archives -
> >>> really
> >>>> most posts with a photo attached are worth indexing?
> >>>>
> >>>> Happy Friday all -
> >>>> Tom
> >>>
> >>>>
> >>>> Tom Van Heule
> >>>> Intrinsic Programs
> >>>> tom.vanheule at intrinsicprograms.com
> >>>> +1 303 525 5266
> >>>
> >>>
> >>
>
>

-- 
Tom Van Heule
Intrinsic Programs
tom.vanheule at intrinsicprograms.com
+1 303 525 5266

More information about the Rhodes22-list mailing list