[Board] [SAC] SSL Certificate Policy

Jody Garnett jody.garnett at gmail.com
Fri May 6 10:52:37 PDT 2016


If you have a community member who cares I would go with their opinion. The
key community that cares is you (I.e. has already signed up to the system
admin committee). The board does not have the expertise or the passion to
advise on each matter.

You are a foundation officer with an approved budget. The SAC is trusted to
spend responsibly, perhaps keeping budget in reserve for crazy things like
the attack this week.






On Fri, May 6, 2016 at 12:55 PM Alex M <tech_dev at wildintellect.com> wrote:

> For me it was a philosophy question. Does the board care, or the
> community care if we don't have a Org Validated certificate? So far most
> of SAC has very little opinion on the topic. Martin prefers OV, because
> thats the tradition with Orgs.
>
> Thanks,
> Alex
>
> On 05/06/2016 12:50 PM, Jody Garnett wrote:
> > I do not think the board needs a position, we are happy to be guided by
> the
> > system admin committee in this (and many matters) :D
> >
> > I would tend to error on the side of less volunteer time as a rule, but
> it
> > is really up to SAC.
> >
> > --
> > Jody Garnett
> >
> > On 6 May 2016 at 11:06, Alex M <tech_dev at wildintellect.com> wrote:
> >
> >> OSGeo Board,
> >>
> >> We recently renewed the SSL certificate for the *.osgeo.org domains. In
> >> doing so there's an unresolved policy question I'd like to get answered.
> >>
> >> Our old certificate was Org Validated (OV). All that means is that the
> >> certificate authority does a little extra checking on the org, it's
> >> slightly more expensive (~$150+/yr), and that it's harder to change
> >> anything in our account related to the certificate. The outward facing
> >> result is that if you read the certificate details the Organization(O)
> >> line is filled out.
> >>
> >> The new certificate (because we were on a time crunch) is a Domain
> >> Validated (DV). It's a little cheaper, and way easier to login and work
> >> with. It's also similar enough to Mozilla's new letsencrypt project that
> >> we might be able to switch to that later on.
> >>
> >> From a money perspective, I don't think the difference between $250 vs
> >> $400 a year is big difference. From a technical perspective both work,
> >> equally well. Other orgs seems to mostly use OV certificates. But I've
> >> found very few people who seem to care, and you can't really tell unless
> >> you open the certificate details.
> >>
> >> The only thing that would happen now if we change back to OV, is that it
> >> will take more volunteer hours to get the new one, cancel the current
> >> one (100% refund is not an issue in the 1st 30 days).
> >>
> >>
> >> Does the board have a position on if they want to use an OV or are
> >> people content with the DV certificates?
> >>
> >>
> >> Thanks,
> >> Alex
> >> Sys Admin Committee
> >>
> >>
> >>
>
> _______________________________________________
> Board mailing list
> Board at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/board

-- 
--
Jody Garnett
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/board/attachments/20160506/691c27be/attachment.html>


More information about the Board mailing list