Thus spake Deepak Jain ([EMAIL PROTECTED]) [05/12/03 15:22]:
> Is there a documented process for a new CA to get their certs
> approved/added or is it a clandestine process?
AFAIK, clandestine. cacert.org has been trying to get their CA included
in Mozilla for some time now, but hasn't been abl
In message <[EMAIL PROTECTED]>, "Peter Galbavy" wr
ites:
>
>Deepak Jain wrote:
>> Is there a documented process for a new CA to get their certs
>> approved/added or is it a clandestine process?
>
>"You are in a twisty little maze of corporate back scratching, all
>political."
>
s/political/financ
Deepak Jain wrote:
> Is there a documented process for a new CA to get their certs
> approved/added or is it a clandestine process?
"You are in a twisty little maze of corporate back scratching, all
political."
Peter
Yes, it's a cartel, and yes, actions taken by said cartel are at least partially
responsible for the pop-up happening.
Is there a documented process for a new CA to get their certs
approved/added or is it a clandestine process?
Thanks,
Deepak Jain
AiNET
[EMAIL PROTECTED] writes on 12/5/2003 1:28 PM:
The three ways to disable the popup:
1) Have the user accept a CA cert for your site. Help Desk Nightmare.
2) Have the user disable the popup. Help Desk Nightmare.
3) Get the top-level-CA cartel to accept your CA cert in the list of ones
bundled int
On Fri, 05 Dec 2003 10:14:48 PST, Mark Foster said:
> The CA does not popup a warning. It is the browser or client application
> that does this.
The three ways to disable the popup:
1) Have the user accept a CA cert for your site. Help Desk Nightmare.
2) Have the user disable the popup. Help De
[EMAIL PROTECTED] wrote:
On Fri, 05 Dec 2003 10:26:33 CST, Adi Linden said:
So what does the PKI actually buy you that using a throwaway self-signed cert
doesn't provide?
No popup box on the browser asking to accept the certificate.
"Pay us $1,000 or we'll annoy your users with popups".
The CA d
On 5 Dec 2003, at 11:55, Bob Beck wrote:
There is an expectation that URLs which do not produce "this
certificate is not trusted" messages are safe for people to use to
disclose sensitive information like credit card numbers. The average
consumer has been educated to this effect at great length
On Fri, 05 Dec 2003 10:26:33 CST, Adi Linden said:
> > So what does the PKI actually buy you that using a throwaway self-signed cert
> > doesn't provide?
>
> No popup box on the browser asking to accept the certificate.
"Pay us $1,000 or we'll annoy your users with popups".
Sounds suspiciously l
>There is an expectation that URLs which do not produce "this
>certificate is not trusted" messages are safe for people to use to
>disclose sensitive information like credit card numbers. The average
>consumer has been educated to this effect at great length by
>commerce-oriented websites and
On 5 Dec 2003, at 11:01, [EMAIL PROTECTED] wrote:
On Fri, 05 Dec 2003 09:28:05 CST, Adi Linden said:
While the ssl certificate is meant to verify the owners identity, as a
consumer I would never trust a ssl certificate for that purpose. It
does
provide a reasonable effort to keep information be
[EMAIL PROTECTED] writes on 12/5/2003 11:01 AM:
So what does the PKI actually buy you that using a throwaway self-signed cert
doesn't provide?
Less headaches handling hundreds of support tickets that basically say
"browser displayed an alert about the cert being self signed", with or
without 2
> So what does the PKI actually buy you that using a throwaway self-signed cert
> doesn't provide?
No popup box on the browser asking to accept the certificate.
Adi
On Fri, 05 Dec 2003 09:28:05 CST, Adi Linden said:
> While the ssl certificate is meant to verify the owners identity, as a
> consumer I would never trust a ssl certificate for that purpose. It does
> provide a reasonable effort to keep information between me and the server
> confidential. That'
Matt Blaze said it well some years ago: "A CA will protect you against
anyone from whom it won't take money."
--Steve Bellovin, http://www.research.att.com/~smb
>I would never trust a ssl certificate for that purpose. It does
>provide a reasonable effort to keep information between me and the server
>confidential. That's worth something, I guess.
I agree with you, I just don't think this is reasonable. If the
CA's aren't going to keep tabs on your
While the ssl certificate is meant to verify the owners identity, as a
consumer I would never trust a ssl certificate for that purpose. It does
provide a reasonable effort to keep information between me and the server
confidential. That's worth something, I guess.
Adi
>So the long and the short of it is, our CA has *LOST* the
>documents showing who we are, and wants new ones.
Wow!
Have you contacted http://www.geotrust.com about this?
I'm sure they would fly people out to Calgary to personally
inspect your identity at no charge just for a chan
So, an interesting thing happened to me yesterday.
I run OpenBSD's https.openbsd.org site. Of course, we have an
SSL Site certificate for this site. When we first started the site,
(about 6 years ago) we got a site certificate from Thawte. Back in
these days they were based in So
19 matches
Mail list logo
