SSL security on

Last updated on June 23, 2002.

What you don't get

You may have already noticed that the web server certificate isn't signed by Verisign or some other organization that pays a kickback to browser manufacturers to get their certs included by default.

Getting a third party cert really wouldn't provide much extra evidence that you have in fact reached the correct web site. And for that small benefit, I don't find it worth participating in Verisign's scam to extort money out of businesses while promising that its certs do more than they actually do in practice. If Verisign-signed certs were really about providing security, rather than cash, to Verisign, the way browsers handled certificate management would be different.

The SSL connection has some extra overhead and will be slightly slower than if you weren't using it.

What you get

Once you have been here, you can tell the next time you come here whether you have come to the same place. You can save either the web certificate or the self-signed CA certificate. However, you only want to save the latter if you have a way to say that you only trust it to sign certificates with a common name of or its subdomains. About once a year or so the web server certificate will change.
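The check described above, sketched as an added example (not code from this site): it saves certificate fingerprints on a first visit and, when the web certificate later changes, accepts the new one only if the chain validated to the saved CA and the host name is inside the scope that CA is trusted for. The domain example.org, the byte strings standing in for certificates, and all function names are constructed for illustration.

```python
import hashlib

def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER encoding, the value to save on first visit."""
    return hashlib.sha256(der).hexdigest()

def in_scope(host: str, domain: str) -> bool:
    """True only for the domain itself or a true subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def pin_first_visit(host, leaf_der, ca_der, scope):
    """Record what was seen on the first visit (trust on first use)."""
    return {"ca": {"fp": fingerprint(ca_der), "scope": scope},
            "leaves": {host: fingerprint(leaf_der)}}

def check_visit(store, host, leaf_der, verified_ca_der=None):
    """Classify a later visit against the saved pins.

    verified_ca_der is an assumption of this sketch: the root the TLS
    library actually validated the chain against, or None if validation
    failed. A CA certificate the server merely sent proves nothing.
    """
    leaf_fp = fingerprint(leaf_der)
    if store["leaves"].get(host) == leaf_fp:
        return "same-leaf"
    ca = store["ca"]
    if (verified_ca_der is not None
            and fingerprint(verified_ca_der) == ca["fp"]
            and in_scope(host, ca["scope"])):
        store["leaves"][host] = leaf_fp  # yearly renewal or a new subdomain
        return "accepted-via-ca"
    return "mismatch"

# Constructed stand-ins for DER certificates (not real certificates).
CA = b"constructed self-signed CA"
OTHER_CA = b"constructed unrelated CA"
LEAF_OLD = b"constructed leaf, year 1"
LEAF_NEW = b"constructed leaf, year 2"

if __name__ == "__main__":
    store = pin_first_visit("www.example.org", LEAF_OLD, CA, "example.org")
    for host, leaf, ca in [("www.example.org", LEAF_OLD, None),
                           ("www.example.org", LEAF_NEW, CA),
                           ("www.example.net", LEAF_NEW, CA)]:
        print(host, check_visit(store, host, leaf, ca))
```

With a real server, the DER bytes can be obtained with `ssl.get_server_certificate()` followed by `ssl.PEM_cert_to_DER_cert()`.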

It keeps the national intelligence agencies (FBI, CIA, NSA, etc.) and your ISP (especially COMCAST) from seeing what on my site you are looking at. (They can still tell you are looking at something here, and if an intelligence agency is particularly interested in either you or me, then they have ways of getting more information by compromising the end points.) These groups think it is OK for them to record anyone's traffic without being held accountable. If you disagree with that stance, you should do something about it.

For a small group of people (pretty much just AREA helpers), this will be used to authenticate their access to the site.

This page is maintained by Bruno Wolff III on

A secure version of this page is located at: