Somewhere in that /. thread, I read that Comodo, who sells certs on InstantSSL.com, has some sort of "reseller" program, where you pay a couple hundred bucks to become a "trusted" signer iirc... comments were on how that defeated the concept of "trusted" of course, but they have cheap certs and I've personally had good customer service with them... Note, however, that they deliver certs in unencrypted email.
I'd love to hear others' thoughts on the pay-to-be-an-associate program; the fellow who explained it said it was great since he could get SSL certs made for his clients *immediately*... interesting. I wonder if they give you the ability to generate new certs on their server, or if you make them yourself?? Very interesting, yes. ciao, Ben On Mon, 2003-01-27 at 06:39, Alain Williams wrote: > On Mon, Jan 27, 2003 at 01:42:43AM -0800, Larry Price wrote: > > Reading the slashdot from 4 days ago, > > > > it seems the main cost would be setting up an network isolated box and > > feeding it blank media till you had enough certs to go around and then > > making sure the passphrases for the private key were recoverable (yeah I > > know it's not as provably secure, but we're dealing with humans here) in > > case the hapless forgot theirs. > > > > Aw, hell, just run the CA on a spare partition on one of your webservers, > > use the ips of nimda infected hosts to seed your prng and see just how > > little security you can get away with, he, he > > > > Maybe that's the answer, instead of a few big CA's with wretched security > > you go for a zillion cheap and crappy CA's and exploit the redundancy > > IOW if a significant minority of the CA's you've dealt with say you are a > > liar and a cheat and the ones who rate you most trusted are themselves > > down rated.... sort of an anthill, bird flock, thing > > The main cost is getting the chain of trust to end up with a machine that > is one of those nailed in to Netscape/IE/... As I understand it that means > having to buy a key signing licence from one of the big boys ... that is > why I am looking for others to share the cost. _______________________________________________ Eug-LUG mailing list [EMAIL PROTECTED] http://mailman.efn.org/cgi-bin/listinfo/eug-lug
