> -----Ursprüngliche Nachricht----- > Von: dovecot [mailto:[email protected]] Im Auftrag von > Stephan von Krawczynski > Gesendet: Dienstag, 24. Juni 2014 17:15 > An: Patrick De Zordo > Cc: 'Dovecot Mailing List' > Betreff: Re: AW: ot: accepting self certs into win pc? > > On Tue, 24 Jun 2014 17:03:09 +0200 > Patrick De Zordo <[email protected]> wrote: > > > Don't use self signed certs! - Buy some, or use free services! Your > reputation will grow! > > I am sorry, but someone _has_ to say it: if anyone really thinks that a south > african or US entity selling certs is the way to "grow your reputation" this > alone should tell you that the whole thing is nothing but a bogus _business_. > It has zero to do with security or the like. It is a _business_ and it should > be > obvious that you will only be lied by the corresponding entity if something > bad happened (probably for years). Look at the diginotar story and _learn_. > [De Zordo Patrick] Basically true if using some "strange" certs providers. The cert providers proven by big software companies should be the safe way.
> The only way to make certs worth using again is to create a way every client > can verify a self-signed certificate by some kind of dns pointer inside the > questionable domain and/or the certificate. > > You cannot prove the correctness of a third party entity, and that's why there > is no reputation at all. > [De Zordo Patrick] ?? > > Cheers! > > Yes, have a beer... > [De Zordo Patrick] I will, I will.. > -- > Regards, > Stephan
smime.p7s
Description: S/MIME cryptographic signature
