1 # SOME DESCRIPTIVE TITLE
2 # Copyright (C) YEAR Free Software Foundation, Inc.
3 # This file is distributed under the same license as the PACKAGE package.
4 # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
9 "Project-Id-Version: PACKAGE VERSION\n"
10 "POT-Creation-Date: 2012-11-15 19:06+0100\n"
11 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
12 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
13 "Language-Team: LANGUAGE <LL@li.org>\n"
16 "Content-Type: text/plain; charset=UTF-8\n"
17 "Content-Transfer-Encoding: 8bit\n"
21 msgid "[[!meta date=\"2012-01-06 22:01:54 +0100\"]]\n"
26 msgid "[[!meta title=\"New SSL certificate for tails.boum.org\"]]\n"
31 msgid "[[!tag announce]]\n"
36 msgid "[[!toc levels=2]]\n"
41 "On the same day Tails 0.10 was put out, our website started to use a "
42 "commercial SSL certificate. This new certificate replaces the previous one "
43 "that was delivered by the non-commercial [CACert certificate "
44 "authority](http://www.cacert.org/)."
49 msgid "What are SSL certificates?\n"
54 "Using HTTPS instead of plain HTTP to connect to a website allows you to "
55 "encrypt your communication with the server. But encryption alone does not "
56 "guarantee that you are talking with the right server, and not someone "
57 "impersonating it, for example in case of a [[man-in-the-middle "
58 "attack|doc/about/warning#man-in-the-middle]]."
63 "SSL certificates try to solve this problem. A SSL certificate is usually "
64 "issued by a certificate authority to certify the identity of a server. When "
65 "you reach a website your web browser might trust an SSL certificate "
66 "automatically if it trusts the authority that issued it."
71 "Commercial certificate authorities are making a living out of selling SSL "
72 "certificates; they are usually trusted automatically by most of the "
73 "browsers. Other non-commercial authorities, such as "
74 "[CACert](http://www.cacert.org/), need to be installed by the operating "
75 "system or by the user to avoid displaying a security warning when visiting "
81 msgid "Weaknesses of the system\n"
86 "But this trust system has proven to be flawed in many ways. For example, "
87 "during 2011, two certificate authorities were compromised, and many fake "
88 "certificates were issued and used in the wild. See [Comodo: The Recent RA "
89 "Compromise](http://blogs.comodo.com/it-security/data-security/the-recent-ra-compromise/) "
90 "and [The Tor Project: The DigiNotar Debacle, and what you should do about "
91 "it](https://blog.torproject.org/blog/diginotar-debacle-and-what-you-should-do-about-it)."
96 "It is clear for us that getting an commercial SSL certificate is not enough "
97 "to strongly authenticate our website, and for example authenticity of our "
98 "releases. That's why we always propose you [[stronger ways of "
99 "authenticating our Tails release|/download#authenticity-check]] using "
100 "OpenPGP signatures."
105 msgid "Why get a commercial certificate then?\n"
109 msgid "Still we decided to get a commercial certificate for the following reasons:"
112 #. type: Bullet: '- '
114 "It makes it harder to setup a simplistic [[man-in-the-middle "
115 "attacks|doc/about/warning#man-in-the-middle]] against the people who didn't "
116 "use HTTPS so far to visit our website."
119 #. type: Bullet: '- '
121 "Our website now is only available with HTTPS enabled. This may be important "
122 "to provide some confidentiality while posting on the forum for example."