On Mon, Jan 27, 2003 at 01:42:43AM -0800, Larry Price wrote:
> Reading the slashdot from 4 days ago,
>
> it seems the main cost would be setting up a network isolated box and
> feeding it blank media till you had enough certs to go around and then
> making sure the passphrases for the private key were recoverable (yeah I
> know it's not as provably secure, but we're dealing with humans here) in
> case the hapless forgot theirs.
>
> Aw, hell, just run the CA on a spare partition on one of your webservers,
> use the ips of nimda infected hosts to seed your prng and see just how
> little security you can get away with, he, he
>
> Maybe that's the answer, instead of a few big CA's with wretched security
> you go for a zillion cheap and crappy CA's and exploit the redundancy
> IOW if a significant minority of the CA's you've dealt with say you are a
> liar and a cheat and the ones who rate you most trusted are themselves
> down rated.... sort of an anthill, bird flock, thing
The main cost is getting the chain of trust to end up with a machine that is one of those nailed in to Netscape/IE/... As I understand it that means having to buy a key signing licence from one of the big boys ... that is why I am looking for others to share the cost.

--
Alain Williams
#include <std_disclaimer.h>

_______________________________________________
Eug-LUG mailing list
[EMAIL PROTECTED]
http://mailman.efn.org/cgi-bin/listinfo/eug-lug
