* Kyle Hamilton wrote on Fri, Jul 23, 2010 at 20:06 -0700: > There's a company called StartCom (http://www.startssl.com/) who will > do 2-year validity wildcard certs, upon verification of your identity > and verification that you have control of the domain for which you are > requesting certificates.
One of those `we verify by plain text mail and secure by 2048 bit RSA' CAs? (Cool is the idea to send an email to mydomain.com before creating a certificate to protect against mydomain.com domain name spoofing; if the attacker spoofed DNS already, she can request a certificate and automatically get the verification mail send to the spoofed domain). > Oh, and they're included in the latest Microsoft Root > Certificate Update for Windows XP, and all later versions; Could it happen if someone removed the certificate from the lists of trusted CAs that it would be reinstalled? I just checked my WinXP workstation and I don't find it, but I cannot check after each winupdate... > Firefox recognizes them, they're part of Apple's certificate > store, and it's pretty much only Opera who doesn't recognize > them for whatever reason. Because of this, unfortunately, end users have almost no chance to correctly perform their trust management. It is not transparent what tool uses which trust database - and it is even updated automatically. But on the other hand, most users don't even know what all this is about. Even banks tell their customers, seeing some small lock icon already means `secure'... oki, Steffen ---[end of message]------------------------------------------------>8======= About Ingenico: Ingenico is a leading provider of payment solutions, with over 15 million terminals deployed in more than 125 countries. Its 2,850 employees worldwide support retailers, banks and service providers to optimize and secure their electronic payments solutions, develop their offer of services and increase their point of sales revenue. More information on http://www.ingenico.com/. This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. P Please consider the environment before printing this e-mail ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org