On Friday, 05/23/2008 at 08:24 EDT, Rob van der Heij <[EMAIL PROTECTED]> wrote:
> Sure, context. If you sit in the broom closet and just show your
> hand-written driver license to yourself to practice the movements or
> rituals, sure... Useful when you want to learn things or do
> experiments.
>
> I know of at least one CA that provides *free* certificates (that
> expire in a month) for experimenting. That might be more appropriate
> than training folks to click "Yes" to accept self-signed certificates.
> Wonder what they will do when you present them a new CA to import into
> their browser...

<peeve type=pet>
I agree with Rob on this. The problem isn't technical, it's psychological.
It is my personal opinion that, as IT professionals who have a *choice*, we
should not make choices that promote this form of social engineering. It's
like making the choice to recycle/reduce/reuse: You can't change the world,
but you can change your corner of it.

If you're the only one who will use the self-signed cert, then, as Rob
says, it's a very useful tool. But the instant you involve someone else,
you put *them* at risk. Not with your sincere, well-intentioned,
self-signed cert, but with a Black Hat's cert out on the web.

I will not do online business with a company that has a certificate that is
a) Self-signed
b) Not for the server I'm talking to

If the certificate is expired, I may or may not do business; it depends on
the longevity of the certificate.

But it takes willpower and attention to detail to actually read the cert
pop-up to see what's wrong with it and to click "Details..." to look at the
cert because I am bombarded daily by certs that I have no choice but to
accept. Grrrrrr.
</peeve>

Alan Altmark
Speaking for himself

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390