Revising OpenID for WordPress

September 21st 2008

Will Norris is working on a revision to OpenID for WordPress. This is good, and I have some observations and suggestions. At the moment the OpenID plugin works pretty well - I have separate logins delegated through domains I own. I routinely log in through OpenID for both routine and administrative activities.

Posted under Information Security & WordPress

SSL with WordPress 2.6

September 20th 2008

This is more of a reminder to myself - you can enable SSL on WordPress, but it’s essentially an undocumented feature. This afternoon all I could find was a forum posting on enabling SSL.

There doesn’t seem to be genuine documentation on it in the Codex, at least, not documentation that pops out when you do a search.

Posted under Information Security & WordPress

OpenID still struggling on WordPress

August 12th 2008

Note that OpenID now works on Cryptosmith.

Posted under Information Security

Penalizing Unauthenticated SSL Certificates

August 5th 2008

Mozilla, like most responsible web browsers, pops up a warning if someone visits a secure web site where the site’s crypto credentials have not been countersigned by a recognized certificate authority.

On Slashdot, Chandon Seldon argues that the Mozilla SSL Policy is Bad For the Web, which links to material by Nat Tuck saying, again, Mozilla SSL policy bad for the Web. The argument is that this policy violates net neutrality by forcing people into a commercial venue if they want their secure connections to be user friendly. The commentaries find this especially troublesome for nonprofit organizations.

This is nonsense. Net Neutrality is about connectivity. SSL is about security and assured identification. Web browsers pop up a complaint about authentication when they can’t verify a site’s identity - that’s what the browser is supposed to do. SSL certificate management is the best affirmative defense in the Internet today and these suggestions will only weaken it.

Posted under Information Security