-Original Message-
From: news [mailto:n...@ger.gmane.org] On Behalf Of Nicholas Sherlock
Jfyi: you might also try free and not widely recognized,
http://cacert.org/
Won't certificates signed by them be only useful for
internally-deployed
apps? They're not a trusted root on
Boyle Owen wrote:
...
It's worth remembering what a certificate is for; it is a document,
undersigned by a third-party, that confirms that you are who you say you
are. The third-party certificate signing authority is putting their
reputation on the line and has a moral (even a legal)
-Original Message-
From: André Warnier [mailto:a...@ice-sa.com]
Sent: Wednesday, July 22, 2009 3:09 PM
To: users@httpd.apache.org
Subject: Re: [us...@httpd] Re: Low priced certificate?
We are a services company, and provide websites to select
customers, for
their own usage
It sounds to me like you are hosting their sites... meaning you have
virtual hosts, etc.?
If I go to my bank and open a checking account... fine... it's free.
However, if I want a safe deposit box, I'll have to pay... unless...
maybe if I keep X amount of money deposit accounts with the
On Wed, Jul 22, 2009 at 02:43:10PM +0200, Boyle Owen wrote:
It's worth remembering what a certificate is for; it is a document,
undersigned by a third-party, that confirms that you are who you say you
are. The third-party certificate signing authority is putting their
reputation on the line
On Wed, Jul 22, 2009 at 03:09:25PM +0200, André Warnier wrote:
While not contradicting the essence of the above, I would like to know
something for my own edification, if some expert could comment.
I don't think of myself as an expert, but I'm free with my opinions. :-)
[a desire to secure
That said, the most expensive gold-plated cert. you can buy may not be
worth much more, in your application, than one you could get for half
as much.
This is absolutely correct...except that some may appreciate the fact
that you're using the gold-plated cert.
That is, it sounds much better to
On Jul 22, 2009, at 11:40 AM, Mark H. Wood wrote:
On Wed, Jul 22, 2009 at 03:09:25PM +0200, André Warnier wrote:
While not contradicting the essence of the above, I would like to
know
something for my own edification, if some expert could comment.
I don't think of myself as an expert, but
* Joseph Morgan josephmmor...@hotmail.com [2009-07-22 17:47]:
In the cert world, your customers would likely rather see that your
certs are signed by Verisign than by
pimpmycert.com
As if they could tell the difference.
If both root CAs are in the browser's root chain, why shouldn't they
Nicholas Sherlock wrote:
An attacker can use precisely the same mechanism to serve their own
certificate. Your website will have carefully trained the user in
advance to ignore all security warnings and accept the rogue
certificate. What a waste of time. The only thing you're protecting
10 matches
Mail list logo