Mirror of the Rel4tion website/wiki source, view at <http://rel4tion.org>
ssl.mdwn
SSL allows client software to authenticate web services and establish encrypted connections with them over the network. Each service holds a private key, which it uses to prove its identity, and a public certificate, which client software uses to verify the service.
Most of the time client software actually trusts Certificate Authorities (CAs), which can sign many different certificates. Then, trusting the CA enables trust of all certificates signed by it. Of course this raises the question “how many people can one person possibly trust”, and indeed the number is small (because there’s a limit to the number of people we can maintain friendships with… there are just 24 hours a day). CAs are usually large, and don’t really trust all their users in the regular social meaning of trust.
Partager solves the problem by allowing trust to be established through PGP signatures, which is a decentralized mechanism, and provides its own independent CA which doesn’t trust, or expect to be trusted by, any of those large corporate-managed CAs which could potentially sign any certificate if paid enough (even if some of them don’t, how would you know who’s honest and who isn’t? This is exactly the problem with large CAs).
The Monkeysphere support enabling use of PGP signatures is not complete yet, but if you haven’t told your computer to trust Partager’s CA, you can follow the [[certificate usage guide|projects/systems/servers/security/certificates]]. Then, you can e.g. browse this website securely by using an HTTPS prefix in the address instead of HTTP.
If you would like to have your certificate signed by Partager’s CA in order to avoid duplication of effort, that’s fine - but note that Partager is a community CA, i.e. trust is based on actual trust between friends. So either we already know each other, or we will need to. Once there is real-life trust, there can also be digital trust. If you ask me, this is how it’s supposed to work.
If you don’t know me and cannot, e.g. because you live on the other side of the world, that’s fine - I intend my “community CA” approach to be applied to individual homes and small communities. You can easily create your own CA just like Partager has done, by following the [[SSL admin guide|projects/systems/admin-guides/SSL]]. There’s even a user guide you can use to understand the client side, and Partager’s certificate usage guide mentioned above can be used as a template to create your own - just replace “partager” with the name of your CA :-)
Some files you may expect:
- CA certificate: [[rel4tion-ca.crt]]
- PGP signature of the certificate: [[rel4tion-ca.crt.sig]]
- Revocation lists: http://cert.rel4tion.org/crl/
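
Since trust in this CA is meant to come from a PGP signature rather than from another CA, the signature should be checked before the certificate is installed. The following is an added example, not part of the original page or the project's own guides: the function name `verify_ca` is hypothetical, and the expected signer fingerprint is a placeholder argument that has to be obtained from the signer directly.

```shell
#!/bin/sh
# Added example: gate trust in a CA certificate on its detached PGP signature.
# The expected fingerprint is an assumption supplied by the caller; it is not
# published on this page and must come from the signer in person.

# verify_ca CERT SIG EXPECTED_FPR
# Returns 0 only if SIG is a valid signature over CERT made by the key whose
# primary fingerprint is EXPECTED_FPR, and CERT is an X.509 CA certificate.
verify_ca() {
    cert=$1
    sig=$2
    # Normalise the fingerprint: strip spaces, upper-case the hex digits.
    want=$(printf '%s' "$3" | tr -d ' ' | tr 'a-f' 'A-F')
    [ -n "$want" ] || { echo "no expected fingerprint given" >&2; return 1; }

    # --status-fd gives machine-readable results; do not parse the human text.
    status=$(gpg --batch --status-fd 1 --verify "$sig" "$cert" 2>/dev/null) || {
        echo "signature did not verify" >&2; return 1; }

    # gpg exits 0 for a good signature from ANY key in the keyring, so the
    # signer must be pinned. VALIDSIG's last field is the primary fingerprint.
    got=$(printf '%s\n' "$status" | awk '$2 == "VALIDSIG" { print $NF; exit }')
    [ "$got" = "$want" ] || { echo "signed by unexpected key: $got" >&2; return 1; }

    # A valid signature over something that is not a CA certificate is useless.
    openssl x509 -in "$cert" -noout -text 2>/dev/null | grep -q 'CA:TRUE' || {
        echo "not a CA certificate" >&2; return 1; }

    # Print the SHA-256 fingerprint so it can also be compared out of band.
    openssl x509 -in "$cert" -noout -fingerprint -sha256
}

# Usage (fingerprint shown is a placeholder):
#   verify_ca rel4tion-ca.crt rel4tion-ca.crt.sig "<SIGNER-PRIMARY-FINGERPRINT>"
```

Only add the certificate to a trust store when the function returns 0; the signer's public key must already be in the local GnuPG keyring.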