Anybody can get cert from any CA -- all you have to do is prove to them the business exists. It doesn't check to see if the business itself is trustworthy. I wouldn't hinge all my trust in a company based on where the cert came from. When I consider purchasing from an online vendor, I consider the company first -- the cert later. Look at all the Yahoo! shops -- most, if not all, use certs issued to Yahoo from RSA, but not the company itself.
Just my .02 tim P. ----- Original Message ----- From: "Jochem van Dieten" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Friday, October 25, 2002 5:22 AM Subject: Re: OT cheap SSL > Chris Kief wrote: > > > These guys are fantastic. A variety of different certs to suit your > > needs plus excellent customer service and fast turnaround (they have > > one that's $119 and emailed to you within a few minutes). > > > > http://www.geotrust.com > > Certificates serve both the purpose of securing a connection and > identifying the operator of a server. Just any certificate will be > sufficient to secure a connection, you can just use a self-issued > certificate for that. However, to identify the operator the CA has to > establish the identity of the person that asks for a certificate. > Since I don't believe they can positively identify you to be the person > you say to be within a few minutes I consider them insecure and have > deleted their CA signing cert from my system. > > Thanx for the warning, > > Jochem > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm