[Freedombox-discuss] :Configuration: Plug Server Test Publically Available
Bjarni Rúnar Einarsson
bre at pagekite.net
Sat Nov 5 19:52:18 UTC 2011
Hey Nick,

Glad it's working for you! :-) I wanted to respond to a couple of
comments you made inline:

On Sat, Nov 5, 2011 at 6:26 AM, Nick Daly <nick.m.daly at gmail.com> wrote:
> DDOSing it: I know that's a weak point in this structure. It weirds me
> out that I need to *MITM myself* so the FBX can be reached, but I'm not
> too worried that the Icelandic government's going to fake an SSL
> certificate. Israel might, though, so it might be good to move PageKite
> to a (root-)CA based in their own country.

I think this is a misunderstanding. Sadly, anyone who can sign
certificates can probably MITM us - it doesn't matter which root signs
our cert, the browser will accept any valid signature from anywhere.

I don't particularly trust Israel, but as I understand things, I'm
afraid it doesn't really matter much. The only way I know to manage
this risk is to use Firefox and the Certificate Patrol plugin, or
self-signed certs (see below) and a security exception in the browser.

PageKite's wildcard SSL service does not pretend to be a perfect
solution and we hope our users understand the limitations of what we
offer - but it is better than nothing. :-)

If you switch to your own domain name and get your own certificate,
you will be able to do end-to-end SSL encryption over PageKite and
our servers won't be able to see a thing. However, this will only
work with modern browsers because it relies on recent features of the
TLS standard which have not been implemented by everyone yet. So
again, not a perfect solution.

SSL is a mess...

> Also, congratulations and thanks, again, to the PageKite folks. The
> system works beautifully.

Thanks for the kind words!

Feel free to be in touch if we can help with anything. :-)

--
Bjarni R. Einarsson
Founder, lead developer of PageKite.
Make localhost servers visible to the world: http://pagekite.net/
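
The certificate-change check described in the message above, as an added Python example (not part of the original message, and not PageKite's or Certificate Patrol's code): it remembers the SHA-256 fingerprint of the certificate first seen for a host and reports any later change, even when the new certificate would pass CA validation. The function names, the in-memory store and the host name kite.example are assumptions, and the sample certificates are constructed byte strings.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER-encoded leaf certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def fetch_leaf_der(host: str, port: int = 443) -> bytes:
    """Fetch the server's leaf certificate over TLS (needs network access)."""
    ctx = ssl.create_default_context()  # ordinary CA and hostname checks still run
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def check_pin(store: dict, host: str, der: bytes) -> str:
    """Compare a certificate with the one remembered for host.

    Returns 'first-seen' (and remembers it), 'match', or 'changed'.
    A changed certificate never replaces the stored pin automatically.
    """
    seen = fingerprint(der)
    pinned = store.get(host)
    if pinned is None:
        store[host] = seen
        return "first-seen"
    return "match" if hmac.compare_digest(pinned, seen) else "changed"


def accept_change(store: dict, host: str, der: bytes) -> None:
    """Record a new pin after the user has verified the change out of band."""
    store[host] = fingerprint(der)


if __name__ == "__main__":
    # Constructed stand-ins for DER bytes; real input comes from fetch_leaf_der().
    original = b"constructed-der-bytes-issued-by-CA-one"
    substitute = b"constructed-der-bytes-issued-by-CA-two"
    pins = {}
    host = "kite.example"  # hypothetical host name
    for der in (original, original, substitute):
        print(host, check_pin(pins, host, der))
```

A "changed" result does not by itself mean interception, since certificates are also replaced on renewal; it marks the point where the new fingerprint should be verified through another channel before accept_change() is called.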