Opinions or pointers to references addressing these question appreciated: Do you self-sign the certificates you use for signing and encrypting web service traffic? Does this establish sufficient trust? Do you use a well-known certificate authority to sign/create your certificates? Are there any out there that even provide certificates for web service encryption/signing?? Are the SSL certificates that most vendors sell suitable for web service signing and encryption?
I hope this is a suitable topic for this group. I haven't found much information other than what vendors have to say and they are 1. not objective (see this interesting article: http://www.schneier.com/paper-pki.html) and 2. not oriented to securing web services (seem to know mostly about SSL certificates for web servers). Thanks! ______________________________________________ Steve Gruverman, Programmer IntelliCare, Inc. | A Medco Health Solutions Company 500 Southborough Drive | South Portland ME 04106 p: (207) 253-2152 | f: (207) 773-1857 w: www.intellicare.com | e: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
