On Thu, 11 Nov 2004 19:54:49 -0800, Neil Stevens <[EMAIL PROTECTED]> wrote: > Also, remember that different people have different threat models to > address. Someone in the old hypothetical revolutionary conspiracy can't > afford to depend on large institutional corporations to sign their > certificates, but still might want to protect their communications from > eavesdropping.
Err, except to have a certificate issued means that your public key has been verified as being from you - verisign for instance never sees your private key. They only see what they would get anyway by connecting to the socket you are running on. There is a lot more risk in trusting a self-signed certificate as a CA, since that certificate can then be used to generate certificates for any other domain. _______________________________________________ jdev mailing list [EMAIL PROTECTED] http://mail.jabber.org/mailman/listinfo/jdev
