TromboneChat

When i come to the trombone forum with https at the front of the URL, Firefox stops me and gives me this message...




If I change the URL to http I can get thru to log in but, of course, that is not secure.


I'm guessing the owner of the site is the one who needs to acquire a new security certificate?

That's essentially correct. In laymens terms, the HTTP protocol doesn't make sure that you're connecting to the address you put in the URL bar. The HTTPS protocol does... but if the certificate is self-signed then it means that its basically the tromboneforum.org is self-verifying that it is tromboneforum.org - there is no other verification to make sure that you are actually connecting to tromboneforum.org or of someone is spoofing it.  Which is why you're getting that error. Anybody who has access to the network you're connecting from or your ISP could theoretically change the IP address that tromboneforum.org routes to.

That said, if you're at home it probably isn't a big deal. If your passwords for all of your accounts are unique then all an attacker would be able to gleam from your connection would be your email address and potentially be able to log in to tromboneforum.org as you.  And they'd have to go through a fair amount of trouble for that too.  Would that be bad? Potentially. But is it worth not checking out the forum?  I'm inclined not to think so.

That's essentially correct. In laymens terms, the HTTP protocol doesn't make sure that you're connecting to the address you put in the URL bar. The HTTPS protocol does... but if the certificate is self-signed then it means that its basically the tromboneforum.org is self-verifying that it is tromboneforum.org - there is no other verification to make sure that you are actually connecting to tromboneforum.org or of someone is spoofing it.  Which is why you're getting that error. Anybody who has access to the network you're connecting from or your ISP could theoretically change the IP address that tromboneforum.org routes to.

That said, if you're at home it probably isn't a big deal. If your passwords for all of your accounts are unique then all an attacker would be able to gleam from your connection would be your email address and potentially be able to log in to tromboneforum.org as you.  And they'd have to go through a fair amount of trouble for that too.  Would that be bad? Potentially. But is it worth not checking out the forum?  I'm inclined not to think so.