by rsx11m » July 31st, 2015, 8:59 am
"Mozillazine's administration" is unfortunately right now a single person who has a busy life and keeps the server up and running as part of his free time. I didn't know about the Linux Foundation and others starting a non-profit alternative to the commercial CAs, so that's definitely a good move in general, but still leaves the effort of configuring and maintaining it on the individual server's site (including taking care of certificate renewals and possible revocations).
The most important arguments in favor of connection encryption to websites like ours are protection from spoofing and eavesdropping on users' credentials. Personally I've been aware of only a handful of possible account hijacking cases and no case of reported spoofing, thus it may not be a huge problem (though I see how this could be easily done across open connections like public WiFi). Browsing through the international Mozilla forums, Geckozone in France has encryption whereas MozillaES and MozillaZine.jp don't. So it's still a mixed bag.
"Mozillazine's administration" is unfortunately right now a single person who has a busy life and keeps the server up and running as part of his free time. I didn't know about the Linux Foundation and others starting a non-profit alternative to the commercial CAs, so that's definitely a good move in general, but still leaves the effort of configuring and maintaining it on the individual server's site (including taking care of certificate renewals and possible revocations).
The most important arguments in favor of connection encryption to websites like ours are protection from spoofing and eavesdropping on users' credentials. Personally I've been aware of only a handful of possible account hijacking cases and no case of reported spoofing, thus it may not be a huge problem (though I see how this could be easily done across open connections like public WiFi). Browsing through the international Mozilla forums, Geckozone in France has encryption whereas MozillaES and MozillaZine.jp don't. So it's still a mixed bag.