Make CAcert a valid certificate-authority now!

i know of a couple of pods on the network using self signed certs

i think they had to do some tweaks with the openssl, but they appear to be fully functioning pods

@aj I highly doubt that. Examples?

could someone tell me please what exactly are the protocol features that do not work with CA or self signed certs?

besides browser warning for the client i mean

i have contacts on pods using CA and self signed certs and communicate with them regularly

i was not aware of any problem, i get their posts and they get mine?

@aj I’ve never seen that working. So again, examples?

Note that you may receive a bit of incoming traffic, but your pod should be unable to send anything to them.

thanks. i’m trying to understand better.

i arrive here today because of this post
https://iliketoast.net/posts/67848

was reshared to diapod.net via here
http://diaspora.linuxmaniac.net/posts/54793

so the latter was able to receive from one pod and send the post to another

perhaps it is being done without encryption at all?

although i thought this should not be allowed?

unencrypted Diaspora pod - nice :stuck_out_tongue:

well… i procrastinated too long and missed the vote! he! :slight_smile:

i would vote NO to this because i think the fact that you need to set up a trusted cert gives the network community good integrity

not to say that a community of diaspora pods using CA would not be very cool, it would

but i would think of it as a separate network community

We do highly recommend HTTPS, but we do not force it. Private posts are always encrypted for the target user anyway.

i think i sort of get it now. thanks. it’s kind of mind boggling :slight_smile:

i do hope to see CA Certs accepted as a trusted authority by the major browsers

i don’t know why there is such a fuss about that :slight_smile:

Because CAs want to make lots of money for an essentially free service…

CAcert would be nice.

i think it comes down to the issue of browser support

there seems to be no problem with pods communicating with whatever kind of certificate they like to set up

@aj Trust me there is. It’s the number one setup problem.

i’m not saying that you can use a CA cert to communicate with all of the existing pods

it would have to be agreed on by both ends

but this might be preferable to using no encryption as they seem to be doing now

It’s not just encryption - it’s about offering users good usability. As talked about earlier, some browsers just don’t like links to other pod resources with CA certs. Doesn’t help if the podmin has agreed to opt-in if the user has to suffer. We can’t control which pods open their registrations.

ya. i was meandering over the technical possibilities :slight_smile:

i would still vote no to this.

i like the trust structure, and i think the real issue is whether or not CAcert should be included in the bundles for the major operating systems and web browsers

if/when it is, then this issue resolves itself :slight_smile: