Tremaine Lea wrote: > Having said that, the BCSG *will* refuse self-signed certs and expired > certs etc. >
That is the stupidest thing I've ever heard. Honestly, a paid-for cert is barely more trustworthy than a self-signed cert. The entire cert system is broken by design, and benefits nobody but the money collectors at the major companies (VeriSign, Entrust, etc). Can somebody convince me that my understanding is mistaken? Thanks, Randy ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
