Conversation

Notices

1. Embed this notice
   Don Cruse (doncruse@appellate.social)'s status on Monday, 16-Jan-2023 21:18:11 JST Don Cruse

   in reply to

   • Masto.host
   • JB Emmons
   • Andrew Leahey
   • Chris Ely

   @tcely @IntlLawGnome @andrew My instance gets an “F” on "HTTPS" from instances dot social but scores an “A” on ssllabs.com.

   I’m hosted on @mastohost, so there may be some subtle setting in the shared environment that is failing the test. (Or maybe it’s me, and I need to fix a DNS setting? Which I'd happily do...)

   • Embed this notice
     Chris Ely (tcely@fosstodon.org)'s status on Monday, 16-Jan-2023 21:18:12 JST Chris Ely

     in reply to

     • JB Emmons
     • Andrew Leahey

     My best guess for HTTPS grades, is the ssl labs score.

     https://www.ssllabs.com/ssltest/

     Update: the source code says it is reaching out to this site for HTTPS:

     https://cryptcheck.fr/about

     The Obs. would make sense for:

     https://observatory.mozilla.org/

     There is a GitHub issue that explains this too.

     https://github.com/TheKinrar/instances/issues/117#issuecomment-1319892525

     @IntlLawGnome
     @andrew

   • Embed this notice
     JB Emmons (intllawgnome@law.builders)'s status on Monday, 16-Jan-2023 21:18:13 JST JB Emmons

     in reply to

     • Andrew Leahey

     @andrew
     It makes more sense than anything I can come up with!

   • Embed this notice
     Andrew Leahey (andrew@esq.social)'s status on Monday, 16-Jan-2023 21:18:14 JST Andrew Leahey

     in reply to

     • JB Emmons

     @IntlLawGnome My guess would be certificates that are signed by a third party authority (like LetsEncrypt) as against self signed certificates.

     But that strikes me as a binary so I'm not sure how you get to a score with that either.

     Quality of signer?

     Just a guess!

   • Embed this notice
     JB Emmons (intllawgnome@law.builders)'s status on Monday, 16-Jan-2023 21:18:15 JST JB Emmons

     in reply to

     • Andrew Leahey

     @andrew
     Yeah, poking around, it looks like Obs is the "Mozilla Observatory score" while the other stands for "HTTPS score." See https://law.builders/@IntlLawGnome/109696210795004914

     I broadly understand the difference between HTTP and HTTPS, but I'm struggling to see how instances are "scored" based on HTTPS. Maybe a connectivity thing?

   • Embed this notice
     Andrew Leahey (andrew@esq.social)'s status on Monday, 16-Jan-2023 21:18:16 JST Andrew Leahey

     in reply to

     • JB Emmons

     @IntlLawGnome HTTPS is "Hypertext Transfer Protocol Secure" and you'll see sites either have http:// or https:// URLs. The latter encrypt and sign traffic between the server and the browser, so no one can sniff in between (oversimplified but you get it).

     OBS I think is some kind of overall score based on uptime and such? Not sure.

   • Embed this notice
     JB Emmons (intllawgnome@law.builders)'s status on Monday, 16-Jan-2023 21:18:17 JST JB Emmons

     Quick #Mastodon #instance question I was asked & don't know the answer to -- any help is appreciated!

     On instances.social, instances are ranked on a seeming A-to-F scale under categories "HTTPS" and "Obs." What are these categories supposed to mean? Are they intended as indicators of instance health in some ways?