Any other reason browsers would favor a bigname ripoff CA over companies
owns? Are their any CA's that charge a more reasonable rate (like $10) for
the puny task of running a short program over data already provided them
and emailing it back?
*^*^*^*
Have the courage to take your own thoughts seriously, for they will shape
you. -- Albert Einstein
On Wed, 6 Dec 2000, James Moore wrote:
> On 6 Dec 2000, Owen Boyle wrote:
>
> > Michael wrote:
> > > Is there any reason to pay for Verisigned keys or does setting up our
> > > companies own CA work equally well?
> >
> > Technically, a self-signed certificate will work perfectly well.
> > However, the browser will "inform" the user that it doesn't recognise
> > the authority that signed this certificate. If you use Verisign etc..
> > the browser will already recognise them as a Certificate Authority and
> > accept the certificate without a squeak.
> >
> > It depends what you want to use SSL for. If you want strangers to send
> > you their private details, you'd be better off with a commercial
> > certificate since they won't be frightened by the "warnings". However,
> > if you are using SSL for a specific closed group of users, then use your
> > own certificate and inform them about it...
>
> All true... but the primary motivation (IMO) for using a cert is if you
> are doing business with the general public (i.e. strangers). Customers
> who see warning messages emitted by their browser when they encounter a
> cert that's not signed by one of the browser-recognized CAs tend to get
> "cold feet". Therefore online merchants rush to pay Verisign and their
> ilk a fee for a cert that buys them some "warm and fuzzies".
>
> A cynic might argue that CAs represent the sleaziest sort of pandering;
> that it is designed to exploit the ignorance of the average consumer
> who believes that because his browser doesn't tattle on an "official"
> cert that he's dealing with a reliable party. He might also suggest
> that the entire CA industry is the result of a collusion of greed that
> is a result of RSA's partial ownership of Netscape.
>
> Good thing I'm not a cynic :)
>
> Best Regards,
> James Moore
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
