Am 24.06.2014 17:25, schrieb Patrick De Zordo: >> -----Ursprüngliche Nachricht----- >> Von: dovecot [mailto:[email protected]] Im Auftrag von >> Stephan von Krawczynski >> Gesendet: Dienstag, 24. Juni 2014 17:15 >> An: Patrick De Zordo >> Cc: 'Dovecot Mailing List' >> Betreff: Re: AW: ot: accepting self certs into win pc? >> >> On Tue, 24 Jun 2014 17:03:09 +0200 >> Patrick De Zordo <[email protected]> wrote: >> >>> Don't use self signed certs! - Buy some, or use free services! Your >> reputation will grow! >> >> I am sorry, but someone _has_ to say it: if anyone really thinks that a south >> african or US entity selling certs is the way to "grow your reputation" this >> alone should tell you that the whole thing is nothing but a bogus _business_. >> It has zero to do with security or the like. It is a _business_ and it >> should be >> obvious that you will only be lied by the corresponding entity if something >> bad happened (probably for years). Look at the diginotar story and _learn_. >> > [De Zordo Patrick] > Basically true if using some "strange" certs providers. The cert providers > proven > by big software companies should be the safe way
please stop to prove that you have no clue how certs are working it does not matter who signed *your* cert the problem is that any client trust *thousands* of CA's *any* of them can sign to anybody a cert preteding he is you you can't do anything against that if someone gets a certificate for yourdomain.tld and manages the client to connect to his server instead yours you have no way to take notice, the user have no way to notice and the game is over
signature.asc
Description: OpenPGP digital signature
