>
> OWSA> How do some other servers I see run ssl under their
> OWSA> servers for their clients with the certificate from
> OWSA> root???
>
> In addition to what Gerald correctly stated: blanket certs.
> One pays, say, about five times as much for
>
> *.somedomain.tld
>
> for which there is no limit on "*" subdomains.
>
> I contend that
>
> secure.somedomain.tld/customer/
>
> is a security risk. The certificate validates the provider, but
> what is to stop me from signing up with them, using a valid cert,
> and impersonating a competitor that they host?
>
> An individual cert validates as well as encrypts -- at least in
> theory.
>
> Eddy
> --

These are good points, and Marcos Gurgel offered a link that also provides a workable solution.

What Eddy is alluding to in this e-mail is that there are two uses for a secure certificate; it encrypts traffic AND it verifies that the site manager is who they say they are. If you've purchased a cert before, you'll know that the process involves business checks and proving your identity. If you use a shared cert, you lose 1/2 of the functionality of the certificate.

Any of us with a raq server or openssl software can generate our own certificates that provide the same level of encryption as a standard cert from the big CAs. There just is no verification that the party is who they say they are. That's what you're paying for with Thawte or Verisign.

Matthew Nuzum
www.bearfruit.org
[EMAIL PROTECTED]

_______________________________________________
cobalt-developers mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-developers
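
The identity half of the certificate discussed in this thread, as an added example that is not part of the original messages: a client compares only the hostname with the names in the certificate, so a shared or wildcard cert vouches for the provider and cannot tell hosted customers apart. The matching rule is a simplified RFC 6125 check, and the `customer-a` / `customer-b` names are hypothetical.

```python
from typing import List, Optional
from urllib.parse import urlsplit

def name_matches(pattern: str, host: str) -> bool:
    """Simplified RFC 6125 rule: '*' stands for exactly one left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # One label only, and only in front of a real domain (not "*.tld").
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def validated_identity(url: str, cert_names: List[str]) -> Optional[str]:
    """Return the certificate name that vouches for url, or None.

    Only the hostname is compared; the path never reaches the check.
    """
    host = urlsplit(url).hostname or ""
    return next((n for n in cert_names if name_matches(n, host)), None)

def tenants_distinguished(urls: List[str], cert_names: List[str]) -> bool:
    """True only if every URL validates and each gets a different identity."""
    ids = [validated_identity(u, cert_names) for u in urls]
    return None not in ids and len(set(ids)) == len(ids)

# Constructed sample data; customer-a / customer-b are hypothetical tenants.
SHARED = ["secure.somedomain.tld"]
WILDCARD = ["*.somedomain.tld"]
# Names from two separate per-customer certificates, listed together for brevity.
INDIVIDUAL = ["www.customer-a.tld", "www.customer-b.tld"]

CASES = {
    "shared path": (["https://secure.somedomain.tld/customer-a/",
                     "https://secure.somedomain.tld/customer-b/"], SHARED),
    "wildcard": (["https://customer-a.somedomain.tld/",
                  "https://customer-b.somedomain.tld/"], WILDCARD),
    "individual": (["https://www.customer-a.tld/",
                    "https://www.customer-b.tld/"], INDIVIDUAL),
}

if __name__ == "__main__":
    for label, (urls, names) in CASES.items():
        for u in urls:
            print(f"{label:12} {u:45} -> {validated_identity(u, names)}")
        print(f"{label:12} tenants distinguished: {tenants_distinguished(urls, names)}")
```
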
