On Wednesday 02 May 2007 5:36 am, Martin Paljak wrote: > On 02.05.2007, at 15:21, Alaric Dailey wrote: > > StartCom has free certs, and is now accepted by most browsers. > > Nice service. > > But real life statistics say: 80% users use IE (in Estonia) > > So unless IE accepts the certificate ( I'll omit my comments on the > green bar thing) it is not that good for daily work. IE is STILL the > majority ...
Agreed. I would recommend godaddy (or other) for the website. However, I do agree that StartCom is a nice service, and I'm believing that the reason it is not included in Windows yet is mostly political. The fact that StartCom has already qualified for other CA programs (Mozilla, Apple) is enough for me to recommend its usage. For the Psi XMPP client project, we plan to distribute the StartCom root certificate with the client, and use it for root CA verifications in addition to the operating system storage. The plan is that the client download itself shall be secured by an existing CA established in Windows (for example, godaddy), so that it is a safe download for all users, even those using IE. The interesting effect here is that by having Psi take the burden of using a Windows-established CA, it removes this burden from *every* XMPP server. XMPP servers will be able to use StartCom certificates without any tradeoff. Without StartCom bundling, XMPP server admins would be stuck in the same position as HTTP server admins, having to choose between cost and compatibility. My message doesn't really help the opensc situation, but I thought readers on this list might find our pragmatic Psi + StartCom deployment strategy interesting. -Justin _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel