[Freedombox-discuss] Two days left on your PageKite account ??
On Sun, Jun 24, 2012 at 9:33 PM, Matthias-Christian Ott <ott at mirix.org> wrote:
> On 2012-06-24 22:49, Daniel Kahn Gillmor wrote:
>> That said, i'd like to point out that your concerns about provider
>> control of your persistent address are *exactly* why we need a common
>> naming scheme that doesn't encourage this kind of hierarchy.
> For security you don't need to have this. Encryption and authentication
> is performed end-to-end.
> As far as I understand it, you can use PageKite with your own X.509
> certificates and with Certificate Patrol this should be pretty good
> security. PageKite can only stop to forward data, as any other internet
> access provider can. So it don't see a real problem here.
It can be if the user configures it that way. This is not the default
(or common case) though, as we had to make some difficult choices
between usability and security - most of our current users are web
developers who do not share the concerns of the FreedomBox community,
they just want a tool to make their jobs easier.
However, if PageKite were used as part of the FreedomBox or a related
tool, this (self-signed SSL, end-to-end HTTPS) is how I would
recommend configuring it. The advantage to doing it that way is you
could crowd-source the front-ends since as you say, they have no
ability to mess with the payload.
You definitely don't want to crowd-source relays for unencrypted HTTP
though, as malware authors would quickly grab the opportunity to
inject exploits into other peoples' pages.
Bjarni R. Einarsson
Founder, lead developer of PageKite.
Make localhost servers visible to the world: https://pagekite.net/