>> So at the company I work for, most of the internal systems have
>> expired SSL certs, or self-signed certs.  Obviously this is bad.
>You only think this is bad because you believe CAs add some value.

Presumably the value they add is that they keep browsers from popping
up scary warning messages.  There are all sorts of reasonable
arguments to be made that the browsers are doing the wrong thing (and
the way that Microsoft prevents you from ever deleting any of their
preinstalled CA certs is among the wrongest.)

Nonetheless, unless we can persuade all the users in question to
adjust their browsers, which is always a losing battle, it's easier
just to pay the $15 protection money and get a CA signature.

John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet for 
Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor
"More Wiener schnitzel, please", said Tom, revealingly.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to