I'd just go for a discount proof of having someone send a copy of their
certified business license or something like that. What do I care who they
are as long as they I verify they own the domain they are claiming the
certificate for?
*^*^*^*
Have the courage to take your own thoughts seriously, for they will shape
you. -- Albert Einstein
On Thu, 7 Dec 2000, Mike King wrote:
> Perhaps that's a business idea for you - can you run a profitable business
> issuing SSL certificates for $10 each ? Part of the process is that they
> need to verify that you are who you say you are. The Dunn & Bradstreet
> search that they have to do probably costs at least $10.
>
> Cheers
>
> Mike
>
> At 19:56 6/12/2000 -0600, you wrote:
> >Any other reason browsers would favor a bigname ripoff CA over companies
> >owns? Are their any CA's that charge a more reasonable rate (like $10) for
> >the puny task of running a short program over data already provided them
> >and emailing it back?
> >
> >*^*^*^*
> >Have the courage to take your own thoughts seriously, for they will shape
> >you. -- Albert Einstein
> >
> >On Wed, 6 Dec 2000, James Moore wrote:
> >
> >> On 6 Dec 2000, Owen Boyle wrote:
> >>
> >> > Michael wrote:
> >> > > Is there any reason to pay for Verisigned keys or does setting up our
> >> > > companies own CA work equally well?
> >> >
> >> > Technically, a self-signed certificate will work perfectly well.
> >> > However, the browser will "inform" the user that it doesn't recognise
> >> > the authority that signed this certificate. If you use Verisign etc..
> >> > the browser will already recognise them as a Certificate Authority and
> >> > accept the certificate without a squeak.
> >> >
> >> > It depends what you want to use SSL for. If you want strangers to send
> >> > you their private details, you'd be better off with a commercial
> >> > certificate since they won't be frightened by the "warnings". However,
> >> > if you are using SSL for a specific closed group of users, then use your
> >> > own certificate and inform them about it...
> >>
> >> All true... but the primary motivation (IMO) for using a cert is if you
> >> are doing business with the general public (i.e. strangers). Customers
> >> who see warning messages emitted by their browser when they encounter a
> >> cert that's not signed by one of the browser-recognized CAs tend to get
> >> "cold feet". Therefore online merchants rush to pay Verisign and their
> >> ilk a fee for a cert that buys them some "warm and fuzzies".
> >>
> >> A cynic might argue that CAs represent the sleaziest sort of pandering;
> >> that it is designed to exploit the ignorance of the average consumer
> >> who believes that because his browser doesn't tattle on an "official"
> >> cert that he's dealing with a reliable party. He might also suggest
> >> that the entire CA industry is the result of a collusion of greed that
> >> is a result of RSA's partial ownership of Netscape.
> >>
> >> Good thing I'm not a cynic :)
> >>
> >> Best Regards,
> >> James Moore
> >> ______________________________________________________________________
> >> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> >> User Support Mailing List [EMAIL PROTECTED]
> >> Automated List Manager [EMAIL PROTECTED]
> >>
> >
> >______________________________________________________________________
> >Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> >User Support Mailing List [EMAIL PROTECTED]
> >Automated List Manager [EMAIL PROTECTED]
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
