From: "Leland V. Lammert" <[EMAIL PROTECTED]>

lvl> At 09:59 AM 12/28/00 +0000, Jon Hedges wrote:
lvl> 
lvl> >Now I was wondering: how does one go by getting the
lvl> >certificates? I assume the snake-oil certs are not supposed for
lvl> >prime-time use, so where can I get a decent certificate, and how
lvl> >much is it gonna cost me?
lvl> 
lvl> Hi Jon,
lvl> 
lvl> What's the problem with snake-oil in prime time? Who says a site
lvl> is any more reliable with a commercial CERT than a self-signed
lvl> CERT? Just because you pay money to get a CERT doesn't prove you
lvl> are more trustworthy.

Depending a bit on the certificate, there's a certain trustability to
the identity of whatever the certificate actually identifies.  It
highly depends on the CA and the checks they do.  Thawte has a number
of procedures to check the identity of the certificate holder,
depending on national law and what the holder is (person or company).
Of course, this doesn't make the certificate holder more trustable,
but at least it should make him, her or it identifiable and perhaps
pursuable and therefore more responsible...

Self-made certificates do not have any real traceability of any kind,
since they can contain any (potentially bogus) data, rendering the
trust level at least one step lower than certificates from recognised
CAs, since even the identity isn't certified.  Such certificates
obviously only have the purpose to enable cryptography and have
nothing to do with authentication.

Of course, if you set up a CA whose results will only be shared by
people you know, the trustability is different, since it's personal.

The difference will of course depend on the trustability of the CA you
use in the first place...

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken   \ S-168 35  BROMMA  \ T: +46-8-26 52 47
Redakteur@Stacken   \      SWEDEN       \ or +46-709-50 36 10
Procurator Odiosus Ex Infernis                -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, Celo Communications: http://www.celocom.com/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
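
Added example, not part of the original message or of mod_ssl: the distinction the reply draws between a self-made certificate and one issued by a CA that a relying party has chosen to trust, shown with the OpenSSL command line. The host names, organisation names and function names are constructed for the illustration.

```shell
#!/bin/sh
# Constructed demo; every name below (example.test, Demo Private CA) is made up.
demo_dir=$(mktemp -d)

# Self-signed certificate: the key holder types the subject, nobody checks it.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=Any Name You Like/CN=www.example.test" \
        -keyout "$demo_dir/self.key" -out "$demo_dir/self.crt" 2>/dev/null
}

# Private CA plus a server certificate issued by it.
make_private_ca_and_leaf() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=Demo Private CA/CN=Demo Root" \
        -keyout "$demo_dir/ca.key" -out "$demo_dir/ca.crt" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/O=Demo Org/CN=intranet.example.test" \
        -keyout "$demo_dir/leaf.key" -out "$demo_dir/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$demo_dir/leaf.csr" -days 1 \
        -CA "$demo_dir/ca.crt" -CAkey "$demo_dir/ca.key" -CAcreateserial \
        -out "$demo_dir/leaf.crt" 2>/dev/null
}

# True when subject and issuer are the same name (self-issued).
is_self_issued() {
    subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ "$subject" = "$issuer" ]
}

# verifies_against CERT ANCHOR: true only if CERT chains to the trusted ANCHOR.
verifies_against() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

make_self_signed && make_private_ca_and_leaf
for cert in self leaf; do
    verifies_against "$demo_dir/$cert.crt" "$demo_dir/ca.crt" \
        && echo "$cert.crt: chains to the private CA" \
        || echo "$cert.crt: not trusted by the private CA"
done
```

The self-signed certificate validates only when it is itself installed as the trust anchor, which is the "personal" trust case from the reply; the CA-issued one validates for anyone who trusts that CA.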
