On Mon, Jul 30, 2001 at 03:35:47PM +0200, Magnus Bodin wrote:
> What's your opinion?
Do I trust Verisign/Thawte? Surely not. The whole SSL signing infrastructure
is just a big money machine. The task of signing keys for apps like https
and smtp/pop3/imap ove SSL is sooooooooooo easy and really really easy to
automate through a mailrobot, it's a shame that someone wants more than 1$ a
year for that.
A kind of OpenCA would be nice, though worthless for most users as long as
M$ and Netscape/AOL don't include the certificate in their browsers, and we
should be sure Veridign & co pay a _lot_ for that.
--
* Henning Brauer, [EMAIL PROTECTED], http://www.bsws.de *
* Roedingsmarkt 14, 20459 Hamburg, Germany *
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
