Karl Denninger wrote:
> However, the concept that a PERSON needs to pay upwards of
> $100 to get a key
> by which they can have a SSL connection work from a web
> server is insane.
If you look at the simple operation of signing a server certificate,
then sure, that does seem a bit expensive, BUT that's not all you get.
If it was, then you should just use one of the certificates that
mod_ssl lets you generate during installation. Setting up a CA to
issue certificates is technically rather easy - getting the legal
stuff and all the procedures in place is quite a lot more complicated
(trust me - I've been been in that business for a while).
>
> Why are there no public CAs - much like the public keyrings for PGP?
>
Because it wouldn't make any sense - if you don't want liability,
authenticity checks and lots of other legal stuff, then you might as
well forget about using certificates at all - all you'd have was the
encryption.
> Why does Nutscrape and Microslug only ship with COMMERCIAL,
> and EXPENSIVE,
> CAs loaded?
You can only guess...
I've heard someone saying that Netscape wanted more than $100K to
put their root cert in the browser - which I suppose would be a
possible explanation.
You might also ask yourself why those two browsers only support
RSA patented algorithms...
vh
Mads Toftum, QDPH
---
The brain is a wonderful organ; it starts working the moment you get up
in the morning, and does not stop until you get to work.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
