Rob van der Heij wrote:
> On Thu, May 22, 2008 at 2:36 AM, John Summerfield
> <[EMAIL PROTECTED]> wrote:
>> Huegel, Thomas wrote:
>>> Well, yes I can (did) make a SELF-SIGNED certificate and it works fine.
>>> But my auditor doesn't like it.
>> Why?
>
> Isn't it like when the cops pull you over and you show them a

No, it's not. The suitability of a self-signed certificate depends on
the context in which it's used.

> hand-written piece of paper that says "Driver's License" and when they
> question it, you point at your own signature at the bottom. Nor do we
> think the customer card of the local pizza place is a valid
> identification. Back then we had a big scene when someone managed to
> get through airport security with a children's "passport" of a big
> amusement park...
>
> When you generate your own master certificate, the private parts of
> that may not be as safely protected as the professional CA's do. If
> you now told your users to trust you (that is, install your
> certificate into their browser) then if someone steals your private
> keys, they can sign whatever they like and all your users will trust
> it. If they use that to set up a mock-up copy of a banking site, your
> users will not notice that is a fake.

If I created a self-signed certificate for example.com, it would not be
to provide my identity to the public at large, but for use within a
small group. Not everyone needs _that_ level of security.

Thomas didn't say why he needed a cert.


--

Cheers
John

-- spambait
[EMAIL PROTECTED]  [EMAIL PROTECTED]
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
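The two trust models argued over in this exchange (a single self-signed certificate pinned by a small group, versus a private "master" CA certificate installed into users' browsers) can be measured with the openssl command-line tool. The script below is an added example written for this page, not code from John's or Rob's messages; it assumes openssl 1.1.1 or newer, and the subjects, hostnames (bank.example, "Example Private CA") and file names are constructed for the demonstration. It builds both anchors, then asks what a client trusting only each anchor decides about each certificate, including a leaf for an unrelated banking hostname minted with the private CA key, which is the case Rob describes.

```shell
#!/bin/sh
# Added example, not code from the list thread. Assumes the openssl CLI
# (1.1.1 or newer). All subjects, hostnames and file names are constructed.

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Local extension profiles so the demo does not depend on the system
# openssl.cnf. [dn] is only a placeholder; -subj overrides it below.
cat > "$WORK/ext.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_self]
basicConstraints = CA:FALSE
subjectAltName = DNS:example.com
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[v3_other]
basicConstraints = CA:FALSE
subjectAltName = DNS:bank.example
EOF

# Model 1: a self-signed end-entity certificate for example.com. The
# certificate itself is the trust anchor handed out to the small group.
make_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
    -config "$WORK/ext.cnf" -extensions v3_self -subj "/CN=example.com" \
    -keyout "$WORK/self.key" -out "$WORK/self.crt" >/dev/null 2>&1
}

# Model 2: a private CA whose certificate users install, plus a leaf for
# an unrelated name signed with the CA key. The leaf stands in for what
# anyone holding (or having stolen) ca.key can mint.
make_private_ca_and_leaf() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
    -config "$WORK/ext.cnf" -extensions v3_ca -subj "/CN=Example Private CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" >/dev/null 2>&1 &&
  openssl req -new -newkey rsa:2048 -nodes \
    -config "$WORK/ext.cnf" -subj "/CN=bank.example" \
    -keyout "$WORK/other.key" -out "$WORK/other.csr" >/dev/null 2>&1 &&
  openssl x509 -req -days 2 -in "$WORK/other.csr" \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -extfile "$WORK/ext.cnf" -extensions v3_other \
    -out "$WORK/other.crt" >/dev/null 2>&1
}

# What a client that trusts ONLY the anchor in $1 decides about
# certificate $2 presented for hostname $3 (system store disabled).
verify_against() {
  openssl verify -no-CAfile -no-CApath -CAfile "$1" \
    -verify_hostname "$3" "$2" >/dev/null 2>&1
}

# What a client with an empty trust store decides about certificate $1.
verify_against_nothing() {
  openssl verify -no-CAfile -no-CApath "$1" >/dev/null 2>&1
}

# Print one line per scenario: the description, then accepted/rejected.
report() {
  desc="$1"; shift
  if "$@"; then printf '%-50s accepted\n' "$desc"; else printf '%-50s rejected\n' "$desc"; fi
}

make_self_signed && make_private_ca_and_leaf ||
  { echo "certificate generation failed" >&2; exit 1; }

report "example.com self-signed, anchor = that cert" \
  verify_against "$WORK/self.crt" "$WORK/self.crt" example.com
report "example.com self-signed, no anchor installed" \
  verify_against_nothing "$WORK/self.crt"
report "bank.example leaf, anchor = self-signed cert" \
  verify_against "$WORK/self.crt" "$WORK/other.crt" bank.example
report "bank.example leaf, anchor = private CA" \
  verify_against "$WORK/ca.crt" "$WORK/other.crt" bank.example
```

The first two lines of output show John's point: the self-signed certificate is accepted by anyone who has been handed that exact certificate and by nobody else, so the blast radius of its key is one name. The last two show Rob's: the pinned self-signed certificate vouches for nothing beyond itself, whereas a client that installed the private CA accepts the bank.example leaf too, so the CA key has to be protected as carefully as a commercial CA's.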
