Well, the one reason we don't use a CA that m$ wants or Netscape wants is
to show potential purchasers of our systems that the system is quite
capable of running https as well as Apache for web hosting or for
Intranet and Extranet.

I can understand larger companies like banks, institutions and the like
not wanting people to see all the warnings that will pop up when they hit our
site. The last I checked the cost was like $350 U.S., which for small
companies is a big rip. The problem remains that people unfamiliar with
Unix or CAs or Mod-SSL would most likely be scared to input their credit
cards or other personal/financial data. That being said, it (the lack of
one of the Verisigns of our world) would hurt e-commerce.

Regards,
Lanny

On Dec 6, 2000, James Moore in vogue yet hilarious wrote:
>On 6 Dec 2000, Owen Boyle wrote:
>
>> Michael wrote:
>> > Is there any reason to pay for Verisigned keys or does setting up our
>> > companies own CA work equally well?
>>
>> Technically, a self-signed certificate will work perfectly well.
>> However, the browser will "inform" the user that it doesn't recognise
>> the authority that signed this certificate. If you use Verisign etc.,
>> the browser will already recognise them as a Certificate Authority and
>> accept the certificate without a squeak.
>>
>> It depends what you want to use SSL for. If you want strangers to send
>> you their private details, you'd be better off with a commercial
>> certificate since they won't be frightened by the "warnings". However,
>> if you are using SSL for a specific closed group of users, then use your
>> own certificate and inform them about it...
>
>All true... but the primary motivation (IMO) for using a cert is if you
>are doing business with the general public (i.e. strangers). Customers
>who see warning messages emitted by their browser when they encounter a
>cert that's not signed by one of the browser-recognized CAs tend to get
>"cold feet". Therefore online merchants rush to pay Verisign and their
>ilk a fee for a cert that buys them some "warm and fuzzies".
>
>A cynic might argue that CAs represent the sleaziest sort of pandering;
>that it is designed to exploit the ignorance of the average consumer
>who believes that because his browser doesn't tattle on an "official"
>cert that he's dealing with a reliable party. He might also suggest
>that the entire CA industry is the result of a collusion of greed that
>is a result of RSA's partial ownership of Netscape.
>
>Good thing I'm not a cynic :)
>
>Best Regards,
>James Moore
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List [EMAIL PROTECTED]
>Automated List Manager [EMAIL PROTECTED]
>
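
The trust distinction discussed in this thread, as an added example that is not part of the original messages: a certificate issued by a company's own CA verifies cleanly for a client that has that CA in its trust list and fails for a client that only knows other CAs. All names (Example Co, www.intranet.example, the stand-in "bundled" CA) are constructed for illustration.

```shell
#!/bin/sh
# Added example. All subject names and host names below are constructed.

new_ca() {              # $1 = output prefix, $2 = CA common name
    # A root CA is simply a self-signed certificate plus its private key.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/O=Example Co/CN=$2" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

issue_server_cert() {   # $1 = CA prefix, $2 = server prefix, $3 = host name
    # The server generates its key and a signing request ...
    openssl req -newkey rsa:2048 -nodes -sha256 \
        -subj "/O=Example Co/CN=$3" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
    # ... and the CA signs the request with its private key.
    openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" \
        -CAcreateserial -sha256 -days 30 -out "$2.crt" 2>/dev/null
}

trusted_by() {          # $1 = client trust list (PEM), $2 = certificate
    # Succeeds only when the chain ends at a CA in the client's list.
    # The output is matched for "OK" rather than relying on exit status.
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

demo() {
    dir=$(mktemp -d) || return 1
    new_ca "$dir/company" "Example Intranet CA" &&
    new_ca "$dir/bundled" "Stand-in For A Browser-Bundled CA" &&
    issue_server_cert "$dir/company" "$dir/server" "www.intranet.example" ||
        return 1
    for store in bundled company; do
        if trusted_by "$dir/$store.crt" "$dir/server.crt"; then
            echo "client trusting only the $store CA: accepted"
        else
            echo "client trusting only the $store CA: warning, unknown issuer"
        fi
    done
    rm -rf "$dir"
}

demo
```

The cryptography is identical in both checks; only the client's trust list differs, which is why a closed user group can be served by distributing the company CA certificate to its members.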