This explains it better than me.
“Let’s Encrypt: the bad
While Let’s Encrypt sounds great in theory, it’s not without its problems. It effectively democratises who can access https for their website. At face value this should be positive, however, human nature must be taken into consideration. The majority of the population who are not IT professionals and/or geeks will see https on a site and immediately place their trust in it. That extra “s” carries trust implicitly.
Although Let’s Encrypt is providing encryption only, its presence on a website gives the impression to a lot of visitors that they can place the same levels of trust in the site as they can for so-called ‘green bar’ sites with Extended Domain Validation – this is a https address with a padlock logo next to the business name in the website address bar.
With Let’s Encrypt, anyone can gain https status, but not everyone has been verified to the extent required for green bar status. Since the majority of site visitors don’t understand this subtle difference, it opens up some worrying possibilities.
Having a secure connection to a website does not make that site trustworthy. It doesn’t mean you can use it safely.
As a further concern, little protection preventing distributors of malware from making use of Let’s Encrypt exists. Malware distributors have already taken advantage of this. For example, around 15,000 certificates have been issued to phishing sites containing ‘PayPal’ as a term. It’s been estimated that 96.7% of the certificates relating to PayPal issued by Let’s Encrypt are for fraudulent sites.
Let’s Encrypt’s stance in response to this was less than comforting.
The problem here is a lack of understanding where the general public is concerned, regarding the manner in which https really works. With enough understanding, Let’s Encrypt would be safe to use and we would be able to take advantage of its many benefits. Until then we shall proceed with care, and hope this information helps raise awareness of the issue.
At catalyst2, we are constantly reviewing the situation around Let’s Encrypt and at the moment we see a significant disconnect between trust signals and “technical” security.”
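The quoted piece makes one technical point worth pinning down: a domain-validated certificate only proves control of a hostname, so the padlock says nothing about whether that hostname is impersonating a brand. The following is an added example, not code from this post or from catalyst2, showing the kind of hostname check a defender would run over names seen in certificate issuance data to spot the "contains PayPal but isn't PayPal" pattern the post describes. The brand allowlist, the sample hostnames and the two-label registrable-domain rule are all assumptions constructed for the example.

```python
"""Heuristic check for brand-impersonating hostnames (added example).

Flags a hostname when a protected brand term appears in it but the name is
not under one of the brand's own registrable domains.  A certificate for
such a name can be perfectly valid (domain validation only checks control
of the name), which is exactly why the hostname itself has to be examined.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set

# Assumption: a small hand-maintained allowlist of brand terms and the
# registrable domains that legitimately carry them.  A real deployment
# would load this from configuration rather than hard-coding it.
BRAND_DOMAINS: Dict[str, Set[str]] = {
    "paypal": {"paypal.com", "paypal.me"},
}


@dataclass(frozen=True)
class Finding:
    hostname: str
    brand: str
    reason: str


def registrable_domain(hostname: str) -> str:
    """Return the last two labels of the hostname, lower-cased.

    Deliberate simplification for the example: a production check should
    use the Public Suffix List so that 'shop.example.co.uk' maps to
    'example.co.uk' rather than 'co.uk'.
    """
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def check_hostname(hostname: str) -> Optional[Finding]:
    """Return a Finding if the hostname looks like brand impersonation."""
    host = hostname.lower().rstrip(".")
    base = registrable_domain(host)
    for brand, legitimate_domains in BRAND_DOMAINS.items():
        if brand not in host:
            continue
        if base in legitimate_domains:
            # The brand's own domain (or a subdomain of it): nothing to flag.
            return None
        if brand in base.split(".")[0]:
            reason = "brand term in registrable domain"
        else:
            reason = "brand term in subdomain of unrelated domain"
        return Finding(host, brand, reason)
    return None


def scan(hostnames: Iterable[str]) -> List[Finding]:
    """Run check_hostname over many names and keep only the findings."""
    return [f for h in hostnames if (f := check_hostname(h)) is not None]


# Constructed sample input; none of these are real observed certificates.
SAMPLE_HOSTNAMES = [
    "www.paypal.com",                        # legitimate brand domain
    "paypal.me",                             # legitimate alternate domain
    "www.paypal.com.secure-update.example",  # brand term buried in a subdomain
    "paypal-login.example",                  # brand term in the registrable domain
    "shop.example",                          # unrelated, no brand term at all
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_HOSTNAMES):
        print(f"{finding.hostname}: {finding.reason} ({finding.brand})")
```

The check is intentionally about the name, not the certificate: a certificate for either flagged hostname would validate without error in any browser, so a monitoring process that only asks "is the certificate valid?" never sees the problem. Matching on a substring is coarse (it would also flag a legitimate third-party name such as a payment integrator that happens to contain the term), so findings belong in a review queue rather than an automatic block.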