I don't know... Isn't the whole point of verisign is that they verify your identity on some level? Otherwise, I could just order a certificate from these guys for Amazon.com, somehow get your computer to recognize amazon.com as my ip (either through the hosts file, dns poisoning or other means) and your browser will think that you are at the amazon.com site. The whole point of verisign, is when they issue a cert to amazon.com, they verify and make sure that it's really someone from amazon ordering the cert. (Lame as their verification methods may be).
I don't' think th ey should be included in the trusted CA list as they do not do any form of identify verification. Russ -----Original Message----- From: John C. Bland II [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 30, 2005 7:13 PM To: CF-Talk Subject: Re: Free SSL (was Re: Authorize.net request) Oh, and the fact that they will most likely be included in the browsers as "trusted" before you or your company is. :-) On 11/30/05, John C. Bland II <[EMAIL PROTECTED]> wrote: > > Knowledge. :-) > > On 11/30/05, Russ <[EMAIL PROTECTED]> wrote: > > > > I'm confused... What's the difference between getting the > > certificate from that site and generating one yourself? I've gotten > > a warning in IE as well, so if a browser is going to give users a > > warning, why not just generate your own? > > > > -----Original Message----- > > From: Bryan Stevenson [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, November 30, 2005 5:45 PM > > To: CF-Talk > > Subject: Re: Free SSL (was Re: Authorize.net request) > > > > > All, the bad cert warning is because CACert is not included as a > > > trusted certification authority by default in IE or Firefox > > certificate > > settings. > > > So yes, that warning will probably pop up for most people landing > > > on a site which uses their certs. Note that one of their primary > > > goals is "inclusion into mainstream browsers." No word of when > > > they expect to > > hit > > that goal. > > > > > > Regarding the little lock in the corner...I think 90% of web > > > surfers have no idea about the difference between SSL and not SSL. > > > But I use SSL too on my sites that do credit card transactions, > > > just for the 10% > > > > > of the users who do notice that little lock. > > > > > > -- Josh > > > > Regardless...it's my arse as the developer if I don't set it up > > right and a client gets hacked....in this case I could care less > > what the user knows or doesn't...I know better so I use certs ;-) > > > > Bryan Stevenson B.Comm. > > VP & Director of E-Commerce Development Electric Edge Systems Group > > Inc. > > phone: 250.480.0642 > > fax: 250.480.1264 > > cell: 250.920.8830 > > e-mail: [EMAIL PROTECTED] > > web: www.electricedgesystems.com > > > > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:225783 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
