7th November 2016
ASR league goes SSL… for higher privacy + IT security of its league members
From beginning, since the ASR Team overtook the ASR – Advanced Study Room and the ASR league it was (and still is) the target, to make all the online platforms (website + league system + forum) as much as safe.
We are lucky today to announce, that on last weekend the whole ASR server under the host address www.advancedstudyroom.org was reconfigured to be protected by SSL Certificate for secure connections between browser and web server. Such certificate fulfills two important functions:
- It authenticates the identity of the website (this guarantees visitors that they’re not on a bogus site)
- It encrypts the data that’s being transmitted
Specifically 2.) is relevant that our league members can’t be spied out, e.g. being tracked from outside how they move around on the website, to keep their login and registration data confidentially, to ensure a trustworthy communication with the ASR team (e.g. using the contact page), to communicate safely between the ASR league members on the ASR website (in the ASR forum, via pm (private message) or chat).
The strength of SSL certificates depend on the bit length of its public key. ASR’s new certificate uses the level of RSA-2048… with 256-bit encryption in the operating system and for web browsers (see extract of the SSL test report). RSA-2048 has 617 decimal digits (2,048 bits). Actually there are going intensive discussions in the IT world between Crypto-specialists if it makes sense to double the key length up to RSA-4096.
It will depend on the frequency of donations by our league members if we can invest into SSL certifications of higher security levels which are in the range of min. 200 US dollars / year per domain. High quality certificates (e.g. by Symantec) are in the range of ~1,400 US dollars / year. – IT security and data protection is costly.
How to handle SSL as user ?
It is very simple to visit a web server which is SSL certified. Just replace the regular domain http://www.advan… with https://www.advancedstudyroom.org . Some browsers, e.g. Mozilla Firefox indicate the trust-worthy visit and SSL certificate by flagging with a “green locker”.
It has a historical reason, that some pages and posts are indicated as “unsafe”… as the website used (and still uses) a mixed content of data which are stored on the web server + external data (e.g. images / graphics stored for cachingand speeding up the website on external servers). For the volunteers who run the ASR project its impossible to re-edit manually more than 600 posts and pages (from 2010-2016). – But there is no reason to worry. As the SSL Certificate is valid till 4th November 2019 (see SSL test report).
Some very few features on the ASR website are out of function if a visitor uses the SSL certified links/login, because “SSL” does not allow a mix of ssl-proofen content (source: http://www. …) and insecure content (source: http://www. …), e.g. the player’s game archive + SGF viewer on the “personalized profile page” because of its non-ssl based “short code” isn’t visible for now. We are working on a solution (re-programming) next weeks to get it back asap.
If you like to use it, you still can login the “old way” without SSL. We recommend not to do so (for now), as you still can use your external game archive on the GO server KGS. Its more important to take the safe route by login via SSL-encrypted account.
Future perspectives based on SSL …
Since weeks the ASR Team is testing internally (as “alpha test”) different tools, e.g. for “game planning” to keep the player’s time more efficient independently from time and place. Such tools will be available for our players on the ASR website, after safe login very soon. – With the new SSL Certificate actually we are looking for Beta Testers now as we like to offer a full functional test environment (using SSL).
For “online payment” and safe donations directly on the ASR website without leaving it the SSL certificate will be very relevant, too. The ASR Team can start now with “alpha tests”. Meanwhile the donors can use further on the safe payment via PayPal.
Following extract of the SSL test protocols (test date: 6th November 2016) document the web domain validation and strength of encryption. – Enjoy your safe surf on the ASR web site !
SSL Test Report on 6th November 2016 (extract)