Current location

narf

narf

You're NOT using HTTPS

You really should use HTTPS to make sure you really connect to the site you want, and encrypt the traffic so only it can read it. Make sure to read what follows first, so you are more confident you do connect to the right site.

How can I trust this site?

HTTPS relies on SSL certificates. In general, the trust in SSL certificates is based on the fact that they are issued by Trusted Third Parties called Certificate Authorities, and web browsers trust a lot of them. This trust has been found to be misplaced on several occasions in the past.

This site uses certificates from Let's Encrypt, which attempts to automate the certificate issuance process to help the spread of secure encryption, and make it more transparent to avoid abuses. If you don't mind, you can also trust this entity when they say that this website is the correct one for the domain.

If you do mind—I'm glad you do, you should—the options are unfortunately more tedious. All I can offer is to rely on a somewhat more transparent trust system, the PGP Web of trust: I have signed this server's certificate with my PGP key (fingerprint: 4435 CF6A 7C8D DD9B E2DE F5F9 F012 A6E2 98C6 6655 ). The signature is here. You can check this signature as follows, and display the fingerprint.

wget --no-check-certificate https://www.narf.ssji.net/server.crt  https://www.narf.ssji.net/server.crt.asc # Can you spot the chicken-and-egg problem here?
gpg --recv-keys 4435CF6A7C8DDD9BE2DEF5F9F012A6E298C66655
gpg -v server.crt.asc # Look for something like 'Good signature from "Olivier Mehani <shtrom@ssji.net>"'
openssl x509  -fingerprint -noout -in server.crt

If you trust that the PGP key does belong to me—there are many independent ways to check this—and if you can validate the signature for this server's certificate, and your browser displays the same fingerprint when you check the warning/security/encryption/certificate information, then you can be slightly more confident your browser is indeed directly connected to this server.

But you shouldn't copy and paste commands you don't understand from the web (or pipe them)...

In any case, even though there are trust issues with HTTPS certificates, it is still better than nothing at all. One just need to be sure what they trust. But it's a right mess...

Not using IPv6?

Your IPv4 address is 23.20.64.16.

More information on IPv6 and how to get connectivity is available:

Powered by OpenBSD